CVE-2022-32017

Name of the Vulnerable Software and Affected Versions Complete Online Job Search System version 1.0

Description The issue concerns SQL Injection, which can be exploited via the /eris/index.php?q=result&searchfor=bytitle API endpoint. The searchfor parameter, specifically when set to bytitle, is vulnerable to this type of attack. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited.

Recommendations For Complete Online Job Search System version 1.0, as a temporary workaround, consider restricting access to the /eris/index.php?q=result&searchfor=bytitle endpoint until a patch is available. Avoid using the searchfor parameter, especially with the bytitle value, in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.