CVE-2022-38813 Information

Description

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php which allows attackers to access all data of users delete the users add and manage Blood Group and Submit Report.

Reference

https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0 https://github.com/RashidKhanPathan/CVE-2022-38813 https://phpgurukul.com/blood-donor-management-system-using-codeigniter