14 matches found
CVE-2022-32018
CVE-2022-32018 affects the software Complete Online Job Search System v1.0. The vulnerability is a SQL Injection via the URL path /eris/index.php?q=hiring&search= (input passed to a query is not properly validated). Per connected documents, an attacker could potentially exhaustively extract data...
CVE-2022-32007
Complete Online Job Search System v1.0 is affected by an SQL Injection in the admin path /eris/admin/company/index.php?view=edit&id=. The root cause is improper input handling leading to SQL query manipulation. Impact described across sources includes potential data disclosure, data modification,...
CVE-2022-32015
Complete Online Job Search System 1.0 is vulnerable to SQL injection via /eris/index.php?q=category&search=. The issue, repeatedly reported across CVE-2022-32015 records (NVD, NUCLEI template, CNVD, RH and others), indicates that unsanitized input to the category search parameter allows an attack...
CVE-2022-32010
CVE-2022-32010 affects Complete Online Job Search System v1.0. The vulnerability is a SQL injection through /eris/admin/user/index.php?view=edit&id=, resulting from insufficient input validation. Documented impacts include potential unauthorized data exposure, tampering, and disruption (CVSS v3.1...
CVE-2022-29316
CVE-2022-29316 affects Complete Online Job Search System v1.0. The vulnerability is a SQL injection flaw in the parameter q (result&searchfor) to /eris/index.php, arising from unsanitized user input. This can enable attackers to manipulate SQL queries and potentially access or modify database data. ...
CVE-2022-32011
CVE-2022-32011 affects Complete Online Job Search System v1.0. The vulnerability is SQL Injection via /eris/admin/applicants/index.php?view=view&id=, caused by lack of input validation for external input in SQL statements. Related connected sources (CNVD/Red Hat/NVD/CVE listings) corroborate the ...
CVE-2022-32012
CVE-2022-32012 affects Complete Online Job Search System v1.0 and is a SQL Injection vulnerability exploitable via /eris/admin/employee/index.php?view=edit&id=. The root cause is lack of validation of externally entered SQL statements in that endpoint, enabling an attacker to execute arbitrary SQ...
CVE-2022-32008
CVE-2022-32008 affects Complete Online Job Search System v1.0. The vulnerability is an SQL injection in eris/admin/vacancy/index.php?view=edit&id= (missing input validation). Documented across multiple sources (CNVD/CNNVD/NVD/Red Hat), indicating the input parameter can be exploited to execute ar...
CVE-2022-32017
CVE-2022-32017 affects Complete Online Job Search System v1.0. Multiple connected sources confirm a SQL Injection vulnerability in /eris/index.php?q=result&searchfor=bytitle, arising from missing validation of external input. CNVD and RH/Red Hat entries describe the same flaw as a SQL injection t...
CVE-2022-32016
CVE-2022-32016 affects Complete Online Job Search System v1.0, with a SQL Injection vulnerability in the web path /eris/index.php?q=result&searchfor=bycompany. The issue stems from unsafely constructed SQL statements in the affected page, enabling an attacker to manipulate queries and potentially...
CVE-2022-32014
CVE-2022-32014 affects Complete Online Job Search System v1.0. The vulnerability is a SQL Injection in /eris/index.php?q=result&searchfor=byfunction caused by lack of input validation. Impact described in CNVD/PRION/Red Hat/NVD entries includes potential to execute illegal SQL commands and access...
CVE-2022-32013
CVE-2022-32013 affects the Complete Online Job Search System v1.0. The vulnerability is a SQL Injection in the page eris/admin/category/index.php?view=edit&id=, arising from missing validation of external input for SQL statements. The root cause is inadequate input handling that allows an attacke...
CVE-2022-35163
CVE-2022-35163 affects Complete Online Job Search System v1.0. A cross-site scripting (XSS) vulnerability exists via the U_NAME parameter at /category/controller.php?action=edit. The NVD entry lists CVSS v3.1 metrics: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N with a base score of 4.8 (Medium). Connecte...
CVE-2022-35162
Complete Online Job Search System v1.0 contains a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. The issue affects the CATEGORY input handling and could allow script execution in the context of the affected application. Publicly docume...