Filtered by vendor Phpgurukul
Subscriptions
Filtered by product Job Portal
Subscriptions
Total
12 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10225 | 1 Phpgurukul | 1 Job Portal | 2024-11-21 | 9.8 Critical |
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. | ||||
CVE-2024-8463 | 1 Phpgurukul | 1 Job Portal | 2024-09-12 | 9.9 Critical |
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | ||||
CVE-2024-8473 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php. | ||||
CVE-2024-8472 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | ||||
CVE-2024-8471 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 6.3 Medium |
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | ||||
CVE-2024-8470 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8469 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | ||||
CVE-2024-8468 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | ||||
CVE-2024-8467 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | ||||
CVE-2024-8466 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8465 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | ||||
CVE-2024-8464 | 1 Phpgurukul | 1 Job Portal | 2024-09-06 | 9.8 Critical |
SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. |
Page 1 of 1.