Lucene search

INCIBEVULNRICHMENT:CVE-2024-8473

HistorySep 05, 2024 - 1:08 p.m.

CVE-2024-8473 SQL injection vulnerability in Job Portal

2024-09-0513:08:31

CWE-79

INCIBE

github.com

cve-2024-8473

sql injection

xss

job portal

user_email parameter

session details

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

AI Score

5.7

Confidence

High

EPSS

0.001

Percentile

17.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php.

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-job-portal