SQL Injection Vulnerability in Job Recruitment Software by Code-Projects
CVE-2024-11077

6.9MEDIUM

Key Information:

Vendor: Code-projects
Status: Job Recruitment
Vendor: CVE Published:; 11 November 2024

🔔 Create Code-projects Vulnerability Alert

What is CVE-2024-11077?

An SQL injection vulnerability exists in the Job Recruitment software by Code-Projects. This vulnerability allows attackers to manipulate the 'email' argument within the /index.php file, leading to unauthorized access to the underlying database. Due to the nature of the exploit, it can be executed remotely, posing significant risks to data integrity and user confidentiality. The vulnerability has been publicly disclosed, making affected systems a target for potential attacks. Prompt remediation is essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Job Recruitment 1.0

References

https://vuldb.com/?id.283872

vdb-entrytechnical-description

https://vuldb.com/?ctiid.283872

signaturepermissions-required

https://vuldb.com/?submit.441184

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2024

Credit

李腾

谢亚轩

刘芮彤

UnrealDawn (VulDB User)