Lucene search

[email protected]CVE-2023-43468

HistorySep 23, 2023 - 12:15 a.m.

CVE-2023-43468

2023-09-2300:15:20

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-43468

sql injection

janobe online job portal

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.4%

JSON

SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component.

Affected configurations

NVD

Node

online_job_portal_projectonline_job_portalMatch2020

CPENameOperatorVersion
online_job_portal_project:online_job_portalonline job portal project online job portaleq2020

CPE	Name	Operator	Version
online_job_portal_project:online_job_portal	online job portal project online job portal	eq	2020

References

gist.github.com/ae6e361b/30d56c116d9f727b91c418d044f42fd3

github.com/ae6e361b/Online-Job-Portal

www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2023-43468

cvelist1 prion1 nvd1