PT-2024-39031 · Unknown · Phpgurukul Job Portal
Rafael Pedrero · Published 2024-09-05 · Updated 2024-09-09 · CVE-2024-8464
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
PHPGurukul Job Portal version 1.0
Description:
A SQL injection vulnerability exists, allowing an attacker to send a specially crafted query through the JOBREGID parameter in the /jobportal/admin/applicants/controller.php endpoint and retrieve all the information stored in it.
Recommendations:
For PHPGurukul Job Portal version 1.0, patch immediately and validate all inputs to prevent exploitation. As a temporary workaround, consider restricting access to the /jobportal/admin/applicants/controller.php endpoint until a patch is available. Avoid using the JOBREGID parameter in the affected endpoint until the issue is resolved.
Fix
SQL injection
Affected Products
Phpgurukul Job Portal