Employee Information at Risk Due to SQL Injection Vulnerability
CVE-2024-8469

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Job Portal
Vendor: CVE Published:; 5 September 2024

Summary

An SQL injection vulnerability exists in the job portal's admin interface, specifically within the 'id' parameter of the endpoint /jobportal/admin/employee/index.php. This flaw enables an unauthorized attacker to craft a malicious query that could potentially expose sensitive information stored in the database. Exploitation of this vulnerability could lead to significant data breaches, making it crucial for organizations to implement appropriate security measures to safeguard their applications.

Affected Version(s)

Job Portal 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Sep 5, 2024

Collectors

NVD DatabaseMitre Database

Credit

Rafael Pedrero