CVE-2023-40956

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:cloudroits:wesite_job_search:15.0:*:*:*:*:*:*:*

History

19 Sep 2023, 19:19

Type Values Removed Values Added
CPE cpe:2.3:a:cloudroits:wesite_job_search:15.0:*:*:*:*:*:*:*
References (MISC) https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search - (MISC) https://github.com/luvsn/OdZoo/tree/main/exploits/website_job_search - Exploit, Third Party Advisory
First Time Cloudroits
Cloudroits wesite Job Search
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CWE CWE-89

15 Sep 2023, 00:31

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-15 00:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-40956

Mitre link : CVE-2023-40956

CVE.ORG link : CVE-2023-40956


JSON object : View

Products Affected

cloudroits

  • wesite_job_search
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')