CVE-2025-63535

9.6 CRITICAL

📋 TL;DR

This SQL injection vulnerability in Blood Bank Management System 1.0 allows attackers to inject malicious SQL code through the search field in abs.php. Attackers can bypass authentication and gain unauthorized access to sensitive blood bank data. Organizations using this specific software version are affected.

💻 Affected Systems

Products:
  • Blood Bank Management System
Versions: 1.0
Operating Systems: Any OS running PHP and MySQL
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the abs.php component specifically. Any deployment using the vulnerable version is affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing data theft, data manipulation, and potential patient safety impacts through corrupted blood bank records.

🟠 Likely Case: Unauthorized access to sensitive patient data, donor information, and blood inventory records, leading to privacy violations.

🟢 If Mitigated: Limited impact, with proper input validation and database permissions preventing successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection through the search field requires minimal technical skill. Public references demonstrate exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider migrating to alternative software or implementing custom fixes.

🔧 Temporary Workarounds

Input Validation Implementation (applies to: all)

Add parameterized queries and input validation to abs.php.

Modify the PHP code to use prepared statements, so the search term is bound as data rather than concatenated into the query:

  $stmt = $conn->prepare('SELECT * FROM table WHERE field = ?');
  $stmt->bind_param('s', $user_input);  // 's' binds the value as a string
  $stmt->execute();
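As an added example (not the Blood Bank Management System's own code), a hardened search handler of the kind abs.php needs, using mysqli prepared statements as the workaround describes. The table name, column names and database credentials are assumptions; it also goes beyond the page's one-liner by escaping LIKE wildcards in the search term and bounding its length.

```php
<?php
// Added example, not the project's code. Table and column names
// (blood_stock, blood_group, donor_name, ...) and credentials are assumed.
declare(strict_types=1);

// Surface MySQL errors as exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('localhost', 'bbms_user', 'change-me', 'bbms');
$conn->set_charset('utf8mb4');

/**
 * Search blood stock by a user-supplied term.
 * The term is never concatenated into SQL: it is bound as a string
 * parameter, so input like ' OR '1'='1 is matched literally and
 * returns no rows instead of the whole table.
 */
function searchBloodStock(mysqli $conn, string $term, int $limit = 50): array
{
    // Input validation: bound the length and reject empty searches early.
    $term = trim($term);
    if ($term === '' || mb_strlen($term) > 64) {
        return [];
    }
    // '%' and '_' inside the user input would otherwise act as wildcards
    // and widen the match; MySQL's default LIKE escape character is '\'.
    $pattern = '%' . addcslashes($term, '%_\\') . '%';

    $sql = 'SELECT id, blood_group, donor_name, units, collected_on
              FROM blood_stock
             WHERE blood_group LIKE ? OR donor_name LIKE ?
             LIMIT ?';
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('ssi', $pattern, $pattern, $limit);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Vulnerable pattern this replaces (raw request input spliced into SQL):
//   $q = "SELECT * FROM blood_stock WHERE blood_group LIKE '%" . $_GET['search'] . "%'";
$rows = searchBloodStock($conn, $_GET['search'] ?? '');

header('Content-Type: text/html; charset=utf-8');
foreach ($rows as $row) {
    // Escape on output too, so the results page is not an XSS sink.
    $line = $row['blood_group'] . ' ' . $row['donor_name'] . ' (' . $row['units'] . ' units)';
    echo htmlspecialchars($line, ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```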

WAF Rule Implementation (applies to: all)

Deploy web application firewall rules to block SQL injection patterns.

Add a WAF rule (ModSecurity syntax): SecRule ARGS "@detectSQLi" "id:1001,phase:2,deny,status:403"

🧯 If You Can't Patch

  • Isolate the system from internet access and restrict to internal network only
  • Implement strict network segmentation and monitor all access to the vulnerable component

🔍 How to Verify

Check if Vulnerable:

Test the search functionality in abs.php with SQL injection payloads like ' OR '1'='1

Check Version:

Check software version in admin panel or configuration files

Verify Fix Applied:

Repeat the same payloads after implementing parameterized queries; they should return no data (or an error), never the full record set.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by successful access
  • SQL syntax errors in application logs

Network Indicators:

  • HTTP requests containing SQL keywords to abs.php
  • Unusual traffic patterns to the vulnerable endpoint

SIEM Query:

source="web_logs" AND uri="/abs.php" AND (request CONTAINS "UNION" OR request CONTAINS "SELECT *" OR request CONTAINS "OR '1'='1'")

🔗 References
