Powerjob vulnerable to SQL injection via version parameter
CVE-2024-44546

9.8CRITICAL

Key Information:

Vendor: Powerjob
Status: Powerjob
Vendor: CVE Published:; 11 November 2024

What is CVE-2024-44546?

PowerJob versions 3.20 and above are susceptible to an SQL injection vulnerability through the handling of the version parameter. This flaw could potentially allow an attacker to manipulate database queries, leading to unauthorized data access or modification. Users of PowerJob are advised to implement necessary safeguards and upgrade to the latest version to mitigate risks associated with this vulnerability.

References

https://github.com/PowerJob/PowerJob

https://gist.github.com/jwx0539/5151f53ec497474cab6af4fa8...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2024

CVE-2024-44546 Data

JSON