← back
CVE-2026-7732

code-projects BloodBank Managing System request_blood.php unrestricted upload

CVSS 5.3 MEDIUMEPSS 0.2%CWE-284CWE-434
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Affected products
code-projects · BloodBank Managing System
public PoCs found1
cve_referencegithub.com/QAp89/CVE/blob/main/Arbitrary%20file%20upload%20leading%20to%20RCE1.mdunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://code-projects.org/https://github.com/QAp89/CVE/blob/main/Arbitrary%20file%20upload%20leading%20to%20RCE1.mdhttps://vuldb.com/submit/807558https://vuldb.com/vuln/360907https://vuldb.com/vuln/360907/cti