CVE-2022-32008

Name of the Vulnerable Software and Affected Versions Complete Online Job Search System version 1.0

Description The issue concerns SQL Injection. It can be exploited via the /eris/admin/vacancy/index.php endpoint, specifically when the view parameter is set to edit and the id parameter is manipulated.

Recommendations For Complete Online Job Search System version 1.0, consider restricting access to the /eris/admin/vacancy/index.php endpoint, especially when the view parameter is set to edit, to minimize the risk of exploitation. Avoid using the id parameter in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.