CVE-2024-8167

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://code-projects.org/ Product
https://github.com/t4rrega/cve/issues/1 Exploit Issue Tracking Third Party Advisory
https://vuldb.com/?ctiid.275766 Permissions Required
https://vuldb.com/?id.275766 Third Party Advisory VDB Entry
https://vuldb.com/?submit.397714 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:fabianros:job_portal:1.0:*:*:*:*:*:*:*

History

26 Aug 2024, 18:45

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:fabianros:job_portal:1.0:*:*:*:*:*:*:*
First Time Fabianros
Fabianros job Portal
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/t4rrega/cve/issues/1 - () https://github.com/t4rrega/cve/issues/1 - Exploit, Issue Tracking, Third Party Advisory
References () https://vuldb.com/?ctiid.275766 - () https://vuldb.com/?ctiid.275766 - Permissions Required
References () https://vuldb.com/?id.275766 - () https://vuldb.com/?id.275766 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.397714 - () https://vuldb.com/?submit.397714 - Third Party Advisory

26 Aug 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-26 15:15

Updated : 2024-08-26 18:45


NVD link : CVE-2024-8167

Mitre link : CVE-2024-8167

CVE.ORG link : CVE-2024-8167


JSON object : View

Products Affected

fabianros

  • job_portal
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')