Description
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php.
Published: 2026-04-27
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data exposure through SQL injection
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a classic SQL injection flaw in the category parameter of /jobportal/index.php in Sourcecodester Online Job Portal phppdo 1.0. By supplying crafted input, an attacker can inject arbitrary SQL statements that are executed against the database. This could allow the attacker to read sensitive applicant data, alter job listings, or delete records, compromising the confidentiality, integrity, and availability of the portal data.

Affected Systems

Sourcecodester Online Job Portal phppdo version 1.0. No other vendors or product versions are documented as affected in the CVE record.

Risk and Exploitability

The EPSS score is less than 1% and the vulnerability is not listed in CISA's KEV catalog, indicating no confirmed exploitation reports to date. The CVSS score of 6.5 denotes a moderate severity. The vulnerability can be triggered through an HTTP request to the job portal; since the description does not mention authentication, it is inferred that no authentication is required to reach the vulnerable parameter. Consequently, an adversary with network access to the web application could potentially exploit the flaw with low effort. No other mitigations are reported aside from patching or code changes.

Generated by OpenCVE AI on April 28, 2026 at 23:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a patched version of Sourcecodester Online Job Portal phppdo
  • Validate and whitelist the category parameter to allow only legitimate values
  • Refactor database queries to use prepared statements with parameter binding
  • Limit the database user privileges to the minimum necessary



Advisories

No advisories yet.

History

Wed, 29 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Online Job Portal phppdo 1.0

Tue, 28 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 28 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title SQL Injection Vulnerability in Sourcecodester Online Job Portal phppdo 1.0
Weaknesses CWE-89

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester online Job Portal Phppdo
Vendors & Products Sourcecodester
Sourcecodester online Job Portal Phppdo

Mon, 27 Apr 2026 18:45:00 +0000

Type Values Removed Values Added
Description SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php.
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T15:07:54.644Z

Reserved: 2021-07-12T00:00:00.000Z

Link: CVE-2021-36438

Vulnrichment

Updated: 2026-04-28T15:07:49.408Z

NVD

Status: Deferred

Published: 2026-04-27T19:16:10.453

Modified: 2026-04-28T15:16:04.533

Link: CVE-2021-36438

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:45:16Z
