A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
History

Thu, 14 Nov 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Anisha
Anisha job Recruitment
CPEs cpe:2.3:a:anisha:job_recruitment:1.0:*:*:*:*:*:*:*
Vendors & Products Anisha
Anisha job Recruitment

Tue, 12 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Code Projects
Code Projects job Recruitement
CPEs cpe:2.3:a:code_projects:job_recruitement:*:*:*:*:*:*:*:*
Vendors & Products Code Projects
Code Projects job Recruitement
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 Nov 2024 02:15:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title code-projects Job Recruitment login.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2024-11-12T02:00:15.575Z

Updated: 2024-11-12T14:43:34.862Z

Reserved: 2024-11-11T20:28:25.641Z

Link: CVE-2024-11099

cve-icon Vulnrichment

Updated: 2024-11-12T14:43:28.929Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-12T02:15:18.123

Modified: 2024-11-14T14:37:45.570

Link: CVE-2024-11099

cve-icon Redhat

No data.