CVE-2026-7028

Name of the Vulnerable Software and Affected Versions CodeAstro Online Job Portal version 1.0

Description A security flaw in the All Jobs Page component allows for remote SQL injection. This occurs through the manipulation of the ID argument within an unknown function of the '/admin/jobs-admins/delete-jobs.php' endpoint. SQL injection is a technique where an attacker inserts malicious SQL code into a query, potentially allowing them to manipulate the database.

Recommendations As a temporary workaround, restrict access to the '/admin/jobs-admins/delete-jobs.php' endpoint or avoid using the ID argument in that file until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.