SQL injection vulnerability could expose sensitive information
CVE-2024-8470

7.5HIGH

Key Information:

Vendor: PHPgurukul
Status: Job Portal
Vendor: CVE Published:; 5 September 2024

What is CVE-2024-8470?

A SQL injection vulnerability exists in the Job Portal application, where an attacker can manipulate the CATEGORY parameter within the /jobportal/admin/vacancy/controller.php endpoint. By sending crafted SQL queries, attackers may gain unauthorized access to sensitive information stored in the database, potentially compromising user data and other critical information within the application. Prompt action is necessary to mitigate this risk and strengthen the application's security posture.

Affected Version(s)

Job Portal 1.0

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2024
Vulnerability Reserved
Sep 5, 2024

Credit

Rafael Pedrero

PHPgurukul

What is CVE-2024-8470?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit