CVE-2021-41931

Name of the Vulnerable Software and Affected Versions The Company's Recruitment Management System (affected versions not specified)

Description The Recruitment Management System appears to be vulnerable to SQL injection. This issue is related to the id parameter in the view vacancy app on-page. When specific payloads, such as 19424269' or '1309'='1309 and 39476597' or '2917'='2923, are submitted in the id parameter, different responses are generated, indicating that the input is being incorporated into a SQL query in an unsafe way. The id parameter is vulnerable, as evidenced by the varying responses to the submitted payloads.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.