PT-2024-9922 · Unknown · Code-Projects Job Recruitment

Unrealdawn · Published 2024-12-25 · Updated 2024-12-31 · CVE-2024-12962

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0
Description: A critical issue has been found in the code-projects Job Recruitment system, affecting an unknown functionality of the file /_parse/_all_edits.php. Manipulation of the skillset argument leads to SQL injection. The issue can be exploited remotely. The exploit has been publicly disclosed and may be used. An attacker could gain unauthorized access to protected information and execute arbitrary code by sending a specially crafted request.
Recommendations: For code-projects Job Recruitment version 1.0, as a temporary workaround, consider disabling the _all_edits.php script or restricting access to the skillset parameter in the affected endpoint until a patch is available. Avoid using the skillset parameter of the /_parse/_all_edits.php endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
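While the script is disabled or access-restricted, defenders will want to know whether anyone is still probing the affected endpoint. The following is an added example, not part of the advisory or the Job Recruitment project: it scans web server access-log lines (in common log format, constructed here as sample data) for requests to /_parse/_all_edits.php and flags skillset values that carry SQL metacharacters. The log format and the indicator list are assumptions; requests that send skillset in a POST body are not visible in access logs and need request-body logging or a WAF.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Affected script and parameter as named in the advisory (CVE-2024-12962).
AFFECTED_PATH = "/_parse/_all_edits.php"
AFFECTED_PARAM = "skillset"

# Common log format (assumed): client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Conservative SQL metacharacter / keyword indicators for a decoded value.
SQLI_HINTS = re.compile(r"('|--|;|/\*|\b(or|and|union|select|sleep|benchmark)\b)", re.I)

def inspect_request(method, target):
    """Classify one request line against the affected endpoint.

    Returns None when the request does not touch the endpoint, otherwise a dict
    with the decoded skillset value(s) and whether they look like injection.
    """
    parts = urlsplit(target)
    if parts.path.lower() != AFFECTED_PATH:
        return None
    values = parse_qs(parts.query, keep_blank_values=True).get(AFFECTED_PARAM, [])
    # parse_qs decodes once; decoding again also catches double-encoded values.
    decoded = [unquote(v) for v in values]
    suspicious = any(SQLI_HINTS.search(v) for v in decoded)
    return {"method": method, "skillset": decoded, "suspicious": suspicious}

def scan_log(lines):
    """Return (client_ip, status, finding) for every hit on the affected script."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        finding = inspect_request(m["method"], m["target"])
        if finding is not None:
            findings.append((m["ip"], m["status"], finding))
    return findings

# Constructed sample lines: normal page, legitimate use, and a probe of skillset.
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Dec/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [25/Dec/2024:10:00:02 +0000] "GET /_parse/_all_edits.php?skillset=php HTTP/1.1" 200 88',
    '198.51.100.9 - - [25/Dec/2024:10:00:03 +0000] "GET /_parse/_all_edits.php?skillset=php%27%20OR%201%3D1-- HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for ip, status, finding in scan_log(SAMPLE_LOG):
        print(ip, status, finding)
```

Any request to the endpoint at all is worth reviewing once the script is meant to be disabled; the suspicious flag only prioritises which ones to look at first.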

Exploit

Weakness Enumeration

Special Elements Injection
SQL injection

Related Identifiers

BDU:2025-00033
CVE-2024-12962

Affected Products

Code-Projects Job Recruitment