PT-2023-30156 · Unknown · Online Job Portal

Andres Roldan

Published

2023-11-07

Updated

2023-11-13

CVE-2023-46677

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Job Portal version 1.0

Description The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txt uname parameter in the "sign-up.php" resource does not validate the input characters, which are then sent unfiltered to the database. This lack of validation allows for potential exploitation.

Recommendations For Online Job Portal version 1.0, consider validating and filtering user input for the txt uname parameter in the sign-up.php resource to prevent SQL injection attacks. As a temporary workaround, restrict access to the sign-up.php resource until a proper fix is implemented.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2023-46677

Affected Products

Online Job Portal

PT-2023-30156 · Unknown · Online Job Portal

CVE-2023-46677

Weakness Enumeration

Related Identifiers

Affected Products

References · 4