CVE-2024-8466

Name of the Vulnerable Software and Affected Versions: Job Portal (affected versions not specified)

Description: The issue allows an attacker to send a specially designed query through the CATEGORY parameter in the /jobportal/admin/category/controller.php endpoint, and retrieve all the information stored in it. This is a SQL injection vulnerability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /jobportal/admin/category/controller.php endpoint or disabling the use of the CATEGORY parameter until a patch is available.