Unprotected Against SQL Injection:Job Portal at Risk of Data Exfiltration
CVE-2024-8467

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Job Portal
Vendor: CVE Published:; 5 September 2024

Summary

An SQL injection vulnerability exists in the Job Portal's admin interface, specifically within the /jobportal/admin/category/index.php file. This flaw enables attackers to craft a malicious query through the 'id' parameter, potentially granting them unauthorized access to all data contained within the database. This vulnerability emphasizes the importance of input validation and proper handling of user inputs to prevent such exploitation. Organizations using this platform are advised to implement security patches and ensure robust security practices are in place to safeguard sensitive information.

Affected Version(s)

Job Portal 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Sep 5, 2024

Collectors

NVD DatabaseMitre Database

Credit

Rafael Pedrero