CVE-2022-32013

Name of the Vulnerable Software and Affected Versions Complete Online Job Search System version 1.0

Description The issue is related to SQL Injection. It can be exploited via the /eris/admin/category/index.php endpoint, specifically when the view parameter is set to edit and the id parameter is manipulated. This allows for potential unauthorized access to database information.

Recommendations For Complete Online Job Search System version 1.0, consider disabling access to the /eris/admin/category/index.php endpoint with view=edit until a patch is available. Restrict input for the id parameter to prevent malicious SQL code injection.