Lucene search
INCIBECVE-2024-8472HistorySep 05, 2024 - 1:15 p.m.
CVE-2024-8472
2024-09-0513:15:15
CWE-79
INCIBE
web.nvd.nist.gov
27
cve-2024-8472
sql injection
cross-site scripting
job portal
user input
encryption
exploitation
session details
authenticated user
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
17.7%
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user throughΒ multiple parameters in /jobportal/index.php.
Affected configurations
Node
phpgurukuljob_portalMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpgurukul | job_portal | 1.0 | cpe:2.3:a:phpgurukul:job_portal:1.0:*:*:*:*:*:*:* |
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Job Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
]Related
cvelist
cvelist
CVE-2024-8472 SQL injection vulnerability in Job Portal
2024-09-05 13:08:12
vulnrichment
vulnrichment
CVE-2024-8472 SQL injection vulnerability in Job Portal
2024-09-05 13:08:12
nvd
nvd
CVE-2024-8472
2024-09-05 13:15:15
CVSS3
6.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
EPSS
0.001
Percentile
17.7%
Related for CVE-2024-8472