CVE-2024-12978
Code-Projects Job Recruitment 1.0 contains a SQL injection in the add_req function of /_parse/_all_edits.php caused by unsafely handling the jid/limit parameter. The vulnerability is exploitable remotely and has been publicly disclosed. Connected sources also suggest immediate mitigations: tempor...
PT-2024-17843 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problem has been found in the function fln_update of the file /_parse/_all_edits.php. The manipulation of the arguments fname and lname leads to cross site scripting attacks. It is...
PT-2024-17841 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problem was found in the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotel...
PT-2024-17840 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical issue has been found in the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to SQL injection. The attack can be initiated...
Code-Projects Job Recruitment Injection Vulnerability
Code-Projects Job Recruitment is an open source job portal from Code-Projects. Code-Projects Job Recruitment version 1.0 has an injection vulnerability that originates from the jid/limit parameter of the /_parse/_all_edits.php file containing a SQL injection vulnerability...
CVE-2024-12968
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2024-12967
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-12968 code-projects Job Recruitment _all_edits.php edit_jobpost sql injection
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2024-12967
Code-Projects Job Recruitment 1.0 is affected by SQL injection in the fln_update function of /_parse/_all_edits.php via fname/lname. Remote exploitation is possible; public exploits exist. Several sources flag potential broader impact, including unauthorized access and, per PT-2024-9923, possible...
CVE-2024-12966 code-projects Job Recruitment _all_edits.php cn_update sql injection
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname/url leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-12963 code-projects Job Recruitment _all_edits.php add_xp sql injection
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /_parse/_all_edits.php. The manipulation of the argument jobcompany leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2024-12962
Code-projects Job Recruitment 1.0 is affected by an SQL injection in /_parse/_all_edits.php via the skillset parameter, exploitable remotely and publicly disclosed. Multiple sources corroborate a critical issue; remediation guidance is limited to workarounds such as disabling the all_edits.php sc...
CVE-2024-12962 code-projects Job Recruitment _all_edits.php sql injection
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/_all_edits.php. The manipulation of the argument skillset leads to sql injection. The attack can be launched remotely. The...
CVE-2024-12949
CVE-2024-12949 affects the code-projects Travel Management System 1.0. The vulnerability is an SQL injection in the unknown code of /package.php caused by improper handling of the subcatid parameter. It is exploitable remotely and the exploit has been disclosed publicly. Impact is described with ...
CVE-2024-12937
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2024-12938
CVE-2024-12938 affects code-projects Simple Admin Panel 1.0, with a vulnerability in the updateOrderStatus.php file. The issue arises from unsafely handling the record argument, leading to SQL injection. Exploitation is described as remote, and public disclosure of the exploit is noted in multipl...
CVE-2024-12938 code-projects Simple Admin Panel updateOrderStatus.php sql injection
A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The...
CVE-2024-12936 code-projects Simple Admin Panel catDeleteController.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The...
CVE-2024-12936
code-projects Simple Admin Panel 1.0 is affected by a SQL injection in the catDeleteController.php file. The vulnerability arises from improper handling of the record parameter, allowing an attacker to manipulate this input remotely over the network. Exploitation has been disclosed publicly, indi...