Phpgurukul Job Portal

12 matches found

CVE | added 2020/03/08 11:15 p.m. | 85 views

CVE-2020-10225

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.

CVSS 9.8 | AI score 9.7 | EPSS 0.09353

CVE | added 2024/09/05 1:15 p.m. | 53 views

CVE-2024-8463

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

CVSS 9.9 | AI score 9.4 | EPSS 0.00188

CVE | added 2024/09/05 1:15 p.m. | 43 views

CVE-2024-8465

SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 43 views

CVE-2024-8470

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 43 views

CVE-2024-8471

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php.

CVSS 6.3 | AI score 5.9 | EPSS 0.00139

CVE | added 2024/09/05 1:15 p.m. | 43 views

CVE-2024-8472

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.

CVSS 6.3 | AI score 5.8 | EPSS 0.00139

CVE | added 2024/09/05 1:15 p.m. | 41 views

CVE-2024-8468

SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 40 views

CVE-2024-8469

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 39 views

CVE-2024-8466

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 36 views

CVE-2024-8464

SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 36 views

CVE-2024-8467

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.

CVSS 9.8 | AI score 9 | EPSS 0.00154

CVE | added 2024/09/05 1:15 p.m. | 36 views

CVE-2024-8473

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php.

CVSS 6.3 | AI score 5.8 | EPSS 0.00139