CVE-2024-12967

Code-Projects Job Recruitment 1.0 is affected by SQL injection in the fln_update function of /_parse/_all_edits.php via fname/lname. Remote exploitation is possible; public exploits exist. Several sources flag potential broader impact, including unauthorized access and, per PT-2024-9923, possible...

CVE-2024-13092

CVE-2024-13092 affects code-projects Job Recruitment 1.0, specifically the Job Post Handler’s file _parse/_call_job/search_ajax.php. The vulnerability arises from improper handling of the parameter n, enabling SQL injection via remote access. Multiple sources confirm the impact and disclosure of ...

CVE-2024-12963

CVE-2024-12963 affects code-projects Job Recruitment 1.0. The vulnerable component is the function add_xp in the file /_parse/_all_edits.php, where the parameter job_company can be manipulated to cause an SQL injection. The issue can be exploited remotely and the exploit has been publicly disclos...

CVE-2024-12966

CVE-2024-12966 affects code-projects Job Recruitment 1.0. The vulnerability lies in the cn_update function in /_parse/_all_edits.php, where manipulation of the cname and url parameters enables SQL injection. Exploitation appears remote and has been disclosed publicly. Multiple sources corroborate...

CVE-2024-12968

CVE-2024-12968 affects code-projects Job Recruitment 1.0, where the vulnerable component is the function edit_jobpost in /_parse/_all_edits.php. The root cause is improper handling of the parameter jobtype, enabling a SQL injection that can be exploited remotely; multiple sources corroborate prac...

CVE-2024-13093

CVE-2024-13093 affects code-projects Job Recruitment 1.0, with a SQL injection in the Seeker Profile Handler. The vulnerability is in the file /_parse/_call_main_search_ajax.php, caused by manipulation of the parameter s1. The attack can be launched remotely and, per the provided descriptions, th...