Unprotected Against SQL Injection:Job Portal at Risk of Data Exfiltration
CVE-2024-8467

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Job Portal
Vendor: CVE Published:; 5 September 2024

What is CVE-2024-8467?

An SQL injection vulnerability exists in the Job Portal's admin interface, specifically within the /jobportal/admin/category/index.php file. This flaw enables attackers to craft a malicious query through the 'id' parameter, potentially granting them unauthorized access to all data contained within the database. This vulnerability emphasizes the importance of input validation and proper handling of user inputs to prevent such exploitation. Organizations using this platform are advised to implement security patches and ensure robust security practices are in place to safeguard sensitive information.

Affected Version(s)

Job Portal 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Sep 5, 2024

Credit

Rafael Pedrero

PHPgurukul

What is CVE-2024-8467?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit