CVE-2024-8463 – File upload restriction bypass vulnerability in Job Portal
https://notcve.org/view.php?id=CVE-2024-8463
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0. Exploitation could allow an authenticated user to achieve remote code execution (RCE) via a webshell. • https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-job-portal • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-8167 – code-projects Job Portal forget.php sql injection
https://notcve.org/view.php?id=CVE-2024-8167
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. Manipulation of the argument email/mobile leads to SQL injection. The attack can be launched remotely. • https://code-projects.org https://github.com/t4rrega/cve/issues/1 https://vuldb.com/?ctiid.275766 https://vuldb.com/?id.275766 https://vuldb.com/?submit.397714 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7808 – code-projects Job Portal logindbc.php sql injection
https://notcve.org/view.php?id=CVE-2024-7808
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. Manipulation of the argument email leads to SQL injection. The attack can be launched remotely. • https://github.com/TheUnknownSoul/CVE-2024-7808 https://github.com/XYgit-99/cve/issues/1 https://vuldb.com/?ctiid.274704 https://vuldb.com/?id.274704 https://vuldb.com/?submit.390329 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-7682 – code-projects Job Portal rw_i_nat.php sql injection
https://notcve.org/view.php?id=CVE-2024-7682
A vulnerability was found in code-projects Job Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file rw_i_nat.php. Manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. • https://github.com/space-security/cve/issues/7 https://vuldb.com/?ctiid.274139 https://vuldb.com/?id.274139 https://vuldb.com/?submit.389161 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-49689 – Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-49689
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'JobId' parameter of the Employer/DeleteJob.php resource does not validate the characters received and they are sent unfiltered to the database. • https://fluidattacks.com/advisories/pollini https://www.kashipara.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •