CVE-2024-13092

Name of the Vulnerable Software and Affected Versions code-projects Job Recruitment version 1.0

Description A critical vulnerability was found in the code of code-projects Job Recruitment. This issue affects the unknown code of the file / parse/ call job/search ajax.php of the component Job Post Handler. The manipulation of the argument n leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For code-projects Job Recruitment version 1.0, as a temporary workaround, consider restricting access to the /parse/ call job/search ajax.php endpoint until a patch is available. Avoid using the argument n in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.