SQL Injection Vulnerability in Job Recruitment Software by Code-Projects
CVE-2024-11077

6.9MEDIUM

Key Information:

Vendor

Code-projects

Status
Job Recruitment
Vendor
CVE Published:
11 November 2024

What is CVE-2024-11077?

An SQL injection vulnerability exists in the Job Recruitment software by Code-Projects. This vulnerability allows attackers to manipulate the 'email' argument within the /index.php file, leading to unauthorized access to the underlying database. Due to the nature of the exploit, it can be executed remotely, posing significant risks to data integrity and user confidentiality. The vulnerability has been publicly disclosed, making affected systems a target for potential attacks. Prompt remediation is essential to mitigate the risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Job Recruitment 1.0

References

https://vuldb.com/?id.283872
vdb-entrytechnical-description
https://vuldb.com/?ctiid.283872
signaturepermissions-required
https://vuldb.com/?submit.441184
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

Credit

李腾
谢亚轩
刘芮彤
UnrealDawn (VulDB User)
UnrealDawn (VulDB User)
JSON
.