Employee Information at Risk Due to SQL Injection Vulnerability
CVE-2024-8469

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Job Portal
Vendor: CVE Published:; 5 September 2024

What is CVE-2024-8469?

An SQL injection vulnerability exists in the job portal's admin interface, specifically within the 'id' parameter of the endpoint /jobportal/admin/employee/index.php. This flaw enables an unauthorized attacker to craft a malicious query that could potentially expose sensitive information stored in the database. Exploitation of this vulnerability could lead to significant data breaches, making it crucial for organizations to implement appropriate security measures to safeguard their applications.

Affected Version(s)

Job Portal 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Sep 5, 2024

Credit

Rafael Pedrero

PHPgurukul

What is CVE-2024-8469?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit