SQL Injection Vulnerability in Job Recruitment Software by Code-Projects
CVE-2024-11077

6.9 MEDIUM

Key Information:

Vendor
CVE Published: 11 November 2024

Summary

A SQL injection vulnerability exists in the Job Recruitment software by Code-Projects. An attacker can manipulate the 'email' argument in the /index.php file to inject SQL, leading to unauthorized access to the underlying database. The attack can be launched remotely, posing significant risks to data integrity and user confidentiality. The vulnerability has been publicly disclosed, making affected systems a target for potential attacks. Prompt remediation is essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Job Recruitment 1.0

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

Credit

李腾
谢亚轩
刘芮彤
UnrealDawn (VulDB User)