PatchSiren cyber security CVE debrief
CVE-2026-10250 itsourcecode CVE debrief
A SQL injection vulnerability exists in itsourcecode Online Blood Bank Management System 1.0, specifically in the /admin/campsdetails.php file via the hospital parameter. The vulnerability allows remote attackers to manipulate SQL queries through crafted input to this parameter. The issue was published on 2026-06-01 with a CVSS 4.0 score of 5.5 (MEDIUM severity). The exploit has been publicly disclosed, increasing the risk of active exploitation. The weakness is categorized under CWE-74 (Improper Neutralization of Special Elements in Output) and CWE-89 (SQL Injection). The vendor attribution is based on reference domain candidate evidence with low confidence and requires review. No known exploitation in ransomware campaigns has been documented, and this CVE is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- Vendor: itsourcecode
- Product: Online Blood Bank Management System
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-01
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-01
Who should care
Organizations running itsourcecode Online Blood Bank Management System 1.0, particularly healthcare and blood bank operations relying on this software for donor and camp management. Security teams monitoring PHP-based healthcare applications for SQL injection risks. Administrators responsible for web application security in medical/healthcare IT environments.
Technical summary
The /admin/campsdetails.php endpoint in itsourcecode Online Blood Bank Management System 1.0 fails to properly sanitize user-supplied input to the hospital parameter, enabling SQL injection attacks. Per the CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N), the vulnerability is remotely exploitable with no privileges and no user interaction required. The attack surface is the administrative functionality for camp details management. Successful exploitation could allow unauthorized data access, modification, or deletion, depending on the database configuration and the privileges of the database account the application uses.
Defensive priority
medium
Recommended defensive actions
- Apply input validation and parameterized queries to the hospital parameter in /admin/campsdetails.php
- Restrict network access to /admin/campsdetails.php to authorized administrative hosts if patching is not immediately feasible
- Monitor web application logs for anomalous SQL-related patterns targeting the hospital parameter
- Contact itsourcecode for official patch availability and verification
- Review database user privileges to enforce least privilege access for the application
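The first action above, applied to the hospital parameter, as an added example (this is not itsourcecode's code; the table and column names camps, hospital, camp_name and camp_date, and the existing `$mysqli` connection, are assumptions):

```php
<?php
// Added example (not itsourcecode's code): hardened handler for the
// `hospital` parameter of /admin/campsdetails.php. Table and column names
// (camps, hospital, camp_name, camp_date) are assumptions.
declare(strict_types=1);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Validate the hospital parameter before it reaches the database.
 * Accepts only a short, printable hospital name. This is defence in
 * depth; the prepared statement below is the actual injection fix.
 */
function validateHospital(?string $raw): string
{
    if ($raw === null || $raw === '') {
        throw new InvalidArgumentException('hospital is required');
    }
    if (strlen($raw) > 100 || !preg_match('/^[\p{L}\p{N} .,&\'()-]+$/u', $raw)) {
        throw new InvalidArgumentException('hospital contains unexpected characters');
    }
    return $raw;
}

/**
 * Look up camp details with a parameterized query. The user value is bound
 * as data, so it cannot change the structure of the SQL statement.
 */
function fetchCampDetails(mysqli $db, string $hospital): array
{
    $stmt = $db->prepare(
        'SELECT camp_name, camp_date FROM camps WHERE hospital = ? LIMIT 100'
    );
    $stmt->bind_param('s', $hospital); // 's' = bind as a string
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Request handling ($mysqli is an existing, authenticated-admin-only connection)
try {
    $hospital = validateHospital($_GET['hospital'] ?? null);
    $rows = fetchCampDetails($mysqli, $hospital);
    foreach ($rows as $row) {
        echo htmlspecialchars($row['camp_name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
} catch (InvalidArgumentException $e) {
    http_response_code(400);
    echo 'Invalid request';
}
```

Output is escaped with htmlspecialchars so stored data cannot be reflected as HTML either; the database account used by `$mysqli` should hold only the SELECT/INSERT/UPDATE rights the application needs, per the last action above.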
Evidence notes
Vulnerability identified in /admin/campsdetails.php with hospital parameter as injection point. CVSS 4.0 vector indicates network attack vector with low complexity, no privileges required, and no user interaction needed. Public exploit availability confirmed by source references. Vendor identification derived from reference domain candidate 'Itsourcecode' with low confidence.