SQL injection vulnerability could expose sensitive information
CVE-2024-8470
7.5 HIGH
Summary
A SQL injection vulnerability exists in the Job Portal application, where an attacker can manipulate the CATEGORY parameter within the /jobportal/admin/vacancy/controller.php endpoint. By sending crafted SQL queries, attackers may gain unauthorized access to sensitive information stored in the database, potentially compromising user data and other critical information within the application. Prompt action is necessary to mitigate this risk and strengthen the application's security posture.
Affected Version(s)
Job Portal 1.0
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database
Credit
Rafael Pedrero