
Glqt666

#25370 of 53,632
9.8 Total CVSS
Vulnerabilities · 1
PT-2024-9923
9.8
2024-12-26
Unknown · Job Recruitment · CVE-2024-12967
Name of the Vulnerable Software and Affected Versions: Job Recruitment version 1.0

Description: A critical vulnerability has been found in the function `fln_update()` of the file `/_parse/_all_edits.php`. The function does not neutralize special elements in the `fname` and `lname` parameters before using them in a SQL statement, which results in a SQL injection (CWE-89). A remote attacker can send a specially crafted request to read or modify protected information in the database and, depending on the privileges of the database account the application uses, potentially execute arbitrary code. The exploit has been disclosed to the public and may be used.

Recommendations: At the moment there is no information about a newer version that contains a fix for this vulnerability. Until a patch is available for Job Recruitment version 1.0, the following temporary measures reduce exposure: disable the `fln_update()` function; restrict access to `/_parse/_all_edits.php` (for example, require authentication and limit it to trusted networks); and do not pass the `fname` and `lname` parameters to the affected endpoint. The proper fix is to pass `fname` and `lname` to the database as bound parameters of a prepared statement instead of concatenating them into the query text.
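The following is an added illustration of the bug class described above, written for this entry; it is not code from Job Recruitment 1.0 and does not reproduce its actual queries. It assumes a hypothetical `applicants` table with an extra `role` column, an update routine that pastes `fname` and `lname` into the SQL text (the flawed pattern), and the parameterized form that fixes it. The payloads and sample rows are constructed. The example goes slightly beyond the entry by showing two consequences of the same flaw: a payload that rewrites every row, and one that overwrites a column the routine was never meant to touch.

```python
"""Concatenated versus parameterized UPDATE for fname/lname (constructed example).

The table, column names, sample rows and payloads are assumptions made for
illustration; none of them come from Job Recruitment 1.0.
"""
import sqlite3

# Constructed attacker-controlled values for the `lname` parameter.
# 1) Terminates the string, replaces the WHERE clause, comments out the rest.
MASS_UPDATE = "x' WHERE 1=1 --"
# 2) Terminates the string and appends an extra SET column (no comment needed).
ROLE_ESCALATION = "x', role = 'admin"


def make_db() -> sqlite3.Connection:
    """Build an in-memory applicants table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE applicants (id INTEGER PRIMARY KEY, fname TEXT, "
        "lname TEXT, role TEXT NOT NULL DEFAULT 'applicant')"
    )
    conn.executemany(
        "INSERT INTO applicants (id, fname, lname) VALUES (?, ?, ?)",
        [(1, "Alice", "Anders"), (2, "Bob", "Berg"), (3, "Carol", "Chen")],
    )
    conn.commit()
    return conn


def fln_update_vulnerable(conn: sqlite3.Connection, user_id: int,
                          fname: str, lname: str) -> int:
    """Assumed shape of the flawed routine: fname/lname become part of the
    SQL text, so a quote character in either one rewrites the statement.
    Returns the number of rows the statement modified."""
    sql = (
        f"UPDATE applicants SET fname = '{fname}', lname = '{lname}' "
        f"WHERE id = {int(user_id)}"
    )
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def fln_update_fixed(conn: sqlite3.Connection, user_id: int,
                     fname: str, lname: str) -> int:
    """Hardened form: bound parameters keep fname/lname as data, whatever
    characters they contain. Returns the number of rows modified."""
    cur = conn.execute(
        "UPDATE applicants SET fname = ?, lname = ? WHERE id = ?",
        (fname, lname, int(user_id)),
    )
    conn.commit()
    return cur.rowcount


def snapshot(conn: sqlite3.Connection) -> list:
    """Return all rows as (id, fname, lname, role) tuples, ordered by id."""
    return conn.execute(
        "SELECT id, fname, lname, role FROM applicants ORDER BY id"
    ).fetchall()


def demo() -> dict:
    """Run each payload against both routines on a fresh database."""
    results = {}

    conn = make_db()
    results["vuln_mass_rows"] = fln_update_vulnerable(conn, 1, "Eve", MASS_UPDATE)
    results["vuln_mass_lnames"] = [r[2] for r in snapshot(conn)]

    conn = make_db()
    fln_update_vulnerable(conn, 1, "Eve", ROLE_ESCALATION)
    results["vuln_role"] = snapshot(conn)[0][3]

    conn = make_db()
    results["fixed_mass_rows"] = fln_update_fixed(conn, 1, "Eve", MASS_UPDATE)
    rows = snapshot(conn)
    results["fixed_mass_lname"] = rows[0][2]          # the payload, stored literally
    results["fixed_other_lnames"] = [r[2] for r in rows[1:]]

    conn = make_db()
    fln_update_fixed(conn, 1, "Eve", ROLE_ESCALATION)
    results["fixed_role"] = snapshot(conn)[0][3]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With the concatenated form, the first payload turns a single-row update into `UPDATE ... WHERE 1=1` and rewrites every applicant, while the second silently sets `role = 'admin'` on the attacker's own row. The parameterized form stores both payloads as ordinary last names and touches exactly one row. SQLite is used here only so the example runs offline; the difference between the two routines is the same on MySQL or any other backend.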