Lucene search

[email protected]CVE-2023-43469

HistorySep 23, 2023 - 12:15 a.m.

CVE-2023-43469

2023-09-2300:15:20

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-43469

sql injection

janobe online job portal

remote code execution

forpass.php

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.7%

JSON

SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component.

Affected configurations

NVD

Node

online_job_portal_projectonline_job_portalMatch2020

CPENameOperatorVersion
online_job_portal_project:online_job_portalonline job portal project online job portaleq2020

CPE	Name	Operator	Version
online_job_portal_project:online_job_portal	online job portal project online job portal	eq	2020

References

gist.github.com/ae6e361b/28ffc44d39e406ce1bc627c0c5c3a7de

github.com/ae6e361b/Online-Job-Portal-Forget

www.sourcecodester.com/php/14518/online-job-portal-php-full-source-code-2020.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

53.7%

JSON

Related for CVE-2023-43469

nvd1 prion1 cvelist1