Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Job_portal
(Phpgurukul)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-09-05 | CVE-2024-8463 | File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. | Job_portal | 8.8 | ||
| 2024-09-05 | CVE-2024-8464 | SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8465 | SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8466 | SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8467 | SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8468 | SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8469 | SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8470 | SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it. | Job_portal | 7.5 | ||
| 2024-09-05 | CVE-2024-8471 | Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php. | Job_portal | 6.1 | ||
| 2024-09-05 | CVE-2024-8472 | Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php. | Job_portal | 6.1 |