CVE-2022-32014

Name of the Vulnerable Software and Affected Versions Complete Online Job Search System version 1.0

Description The issue concerns SQL Injection, which can be exploited via the /eris/index.php?q=result&searchfor=byfunction endpoint. The searchfor parameter is vulnerable, specifically when set to byfunction. This allows an attacker to inject malicious SQL code.

Recommendations For Complete Online Job Search System version 1.0, consider disabling the /eris/index.php?q=result&searchfor=byfunction endpoint until a patch is available. Avoid using the searchfor parameter, especially with the byfunction value, in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.