SQL Injection Vulnerability in Code-Projects Job Recruitment Application
CVE-2025-0168
Key Information:
- Vendor: Code-projects
- Status
- Vendor
- CVE Published: 1 January 2025
What is CVE-2025-0168?
CVE-2025-0168 is a critical SQL Injection vulnerability that affects the Code-Projects Job Recruitment application, specifically within the file /_parse/_feedback_system.php. SQL Injection vulnerabilities enable attackers to manipulate database queries by injecting malicious SQL code into user inputs. This can lead to unauthorized access to sensitive data, as well as potential control over the application and the backend database. The exploitation of this vulnerability poses significant risks to organizations that rely on the Job Recruitment application, as it can compromise the integrity and confidentiality of stored information.
Technical Details
The vulnerability arises from improper handling of user input in the application, particularly in the parameter named "person". This lack of validation allows attackers to remotely execute malicious SQL commands, which could expose system information, modify existing records, or even delete data. Due to the nature of SQL Injection, the attack can be executed without needing direct access to the application, making it particularly dangerous for organizations.
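A defender can look for probing of this flaw in web server access logs. The following is an added example, not code from the vendor or from the original advisory: it flags requests to `/_parse/_feedback_system.php` whose `person` value fails an allow-list. It assumes Combined Log Format, that `person` arrives in the query string (POST bodies are not logged), and that legitimate values are short alphanumeric identifiers; adjust `SAFE_VALUE` to the application's real data.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/_parse/_feedback_system.php"   # path named in the advisory
PARAM = "person"                            # parameter named in the advisory
# Assumption: legitimate values are short alphanumeric identifiers.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,32}")
# Combined Log Format: client ... "METHOD target HTTP/x.y" status
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_requests(log_lines):
    """Return (client, status, decoded_value) for each request to ENDPOINT
    whose PARAM value fails the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable request line
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are checked in clear form
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not SAFE_VALUE.fullmatch(value):
                hits.append((client, int(status), value))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Jan/2025:10:00:01 +0000] "GET /_parse/_feedback_system.php?person=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Jan/2025:10:00:07 +0000] "GET /_parse/_feedback_system.php?person=42%27 HTTP/1.1" 500 130',
    '203.0.113.9 - - [02/Jan/2025:10:00:09 +0000] "GET /index.php?person=42%27 HTTP/1.1" 200 900',
    '198.51.100.7 - - [02/Jan/2025:10:01:00 +0000] "GET /_parse/_feedback_system.php?person=alice_01 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} person={value!r}")
```

The same allow-list can serve as server-side input validation for `person`, alongside parameterized queries in the handler.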
Potential Impact of CVE-2025-0168
- Data Breach: Attackers could exploit this vulnerability to gain unauthorized access to sensitive information stored in the database, including personally identifiable information (PII) of job applicants and other confidential data.
- Data Manipulation: Exploitation could allow attackers to alter or delete data within the database, leading to data integrity issues, loss of critical information, and disruptions in the recruitment process.
- Server Compromise: The vulnerability could be utilized to execute arbitrary commands on the server, potentially leading to a complete takeover of the application and further exploitation of the underlying infrastructure.
Affected Version(s)
Job Recruitment 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved