cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8473,https://securityvulnerability.io/vulnerability/CVE-2024-8473,XSS Vulnerability in /jobportal/admin/login.php Exposes User Session Details,"A Cross-Site Scripting (XSS) vulnerability has been identified in Job Portal Management Software, where input from users is not adequately encrypted. This security flaw allows an attacker to exploit the user_email parameter within the /jobportal/admin/login.php path. By doing so, they can potentially retrieve sensitive session details of authenticated users, posing a significant risk to user data integrity and confidentiality. It is essential for users of the affected software versions to implement appropriate security measures to protect against such exploitation.",PHPgurukul,Job Portal,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-05T13:08:31.923Z,0
CVE-2024-8472,https://securityvulnerability.io/vulnerability/CVE-2024-8472,Cross-Site Scripting (XSS) vulnerability in /jobportal/index.php could allow attacker to retrieve session details of authenticated users,"A Cross-Site Scripting (XSS) vulnerability exists in the Job Portal Software, which fails to properly encrypt user-controlled input. This lack of encryption enables attackers to inject malicious scripts into web applications, giving them the potential to retrieve sensitive session details of authenticated users. The vulnerability can be exploited through multiple parameters, specifically in the /jobportal/index.php file, making it essential for users and administrators to immediately address this security flaw to protect user data.",PHPgurukul,Job Portal,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-05T13:08:12.515Z,0
CVE-2024-8471,https://securityvulnerability.io/vulnerability/CVE-2024-8471,XSS Vulnerability in /jobportal/process.php Could Expose Authenticated User Session Details,"This vulnerability is characterized as a Cross-Site Scripting (XSS) issue where user-controlled input is not adequately encrypted. An attacker can exploit this weakness to gain access to sensitive session details of authenticated users through specific parameters such as JOBID and USERNAME communicated via the /jobportal/process.php endpoint. Such exploitation poses a significant risk of session hijacking, which could lead to unauthorized access and manipulation of user accounts within the affected job portal software.",PHPgurukul,Job Portal,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-05T13:07:54.067Z,201
CVE-2024-8470,https://securityvulnerability.io/vulnerability/CVE-2024-8470,SQL injection vulnerability could expose sensitive information,"A SQL injection vulnerability exists in the Job Portal application, where an attacker can manipulate the CATEGORY parameter within the /jobportal/admin/vacancy/controller.php endpoint. By sending crafted SQL queries, attackers may gain unauthorized access to sensitive information stored in the database, potentially compromising user data and other critical information within the application. Prompt action is necessary to mitigate this risk and strengthen the application's security posture.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:56:02.047Z,0
CVE-2024-8469,https://securityvulnerability.io/vulnerability/CVE-2024-8469,Employee Information at Risk Due to SQL Injection Vulnerability,"An SQL injection vulnerability exists in the job portal's admin interface, specifically within the 'id' parameter of the endpoint /jobportal/admin/employee/index.php. This flaw enables an unauthorized attacker to craft a malicious query that could potentially expose sensitive information stored in the database. Exploitation of this vulnerability could lead to significant data breaches, making it crucial for organizations to implement appropriate security measures to safeguard their applications.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:55:44.603Z,0
CVE-2024-8468,https://securityvulnerability.io/vulnerability/CVE-2024-8468,Attackers Can Retrieve All Information Stored in /jobportal/index.php through a Specially Designed Query,"A vulnerability exists in the Job Portal application that allows attackers to exploit an SQL injection flaw through a specially crafted query sent via the search parameter in /jobportal/index.php. This poses a significant risk as it enables unauthorized access to sensitive information stored within the database, potentially leading to data breaches and unauthorized data manipulation.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:55:28.534Z,0
CVE-2024-8467,https://securityvulnerability.io/vulnerability/CVE-2024-8467,Unprotected Against SQL Injection: Job Portal at Risk of Data Exfiltration,"An SQL injection vulnerability exists in the Job Portal's admin interface, specifically within the /jobportal/admin/category/index.php file. This flaw enables attackers to craft a malicious query through the 'id' parameter, potentially granting them unauthorized access to all data contained within the database. This vulnerability emphasizes the importance of input validation and proper handling of user inputs to prevent such exploitation. Organizations using this platform are advised to implement security patches and ensure robust security practices are in place to safeguard sensitive information.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:55:09.389Z,0
CVE-2024-8466,https://securityvulnerability.io/vulnerability/CVE-2024-8466,Database Injection Vulnerability,"An SQL injection vulnerability exists within the job portal software that can be exploited by an attacker through the CATEGORY parameter in the controller file at /jobportal/admin/category/controller.php. By crafting a specific SQL query, the attacker can gain unauthorized access to all information stored in the database, which poses a significant risk to the confidentiality and integrity of sensitive user data. This vulnerability highlights the need for robust input validation and security measures to prevent unauthorized data access.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:54:49.671Z,0
CVE-2024-8465,https://securityvulnerability.io/vulnerability/CVE-2024-8465,SQL Injection Vulnerability in /jobportal/admin/user/controller.php,"SQL injection vulnerability exists within the Job Portal application, specifically in the admin interface's user controller. By exploiting this flaw, an attacker can craft a malicious query through the user_id parameter in the controller.php file. This allows unauthorized access to all information stored in the database, posing a significant risk to sensitive user data and overall application integrity.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:54:34.307Z,0
CVE-2024-8464,https://securityvulnerability.io/vulnerability/CVE-2024-8464,Attackers Can Access Sensitive Data via SQL Injection Vulnerability in JobPortal,"This SQL injection vulnerability targets Job Portal applications, enabling attackers to manipulate the JOBREGID parameter in the URL, specifically within the /jobportal/admin/applicants/controller.php file. By exploiting this flaw, malicious actors can execute specially crafted SQL queries, leading to unauthorized access to sensitive information stored in the database. This vulnerability poses significant risks for data confidentiality and integrity, making it essential for organizations using affected versions to implement protective measures promptly.",PHPgurukul,Job Portal,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-09-05T12:54:15.421Z,0
CVE-2024-8463,https://securityvulnerability.io/vulnerability/CVE-2024-8463,Bypassing File Upload Restrictions via Webshell: A Security Threat,"The vulnerability in PHPGurukul's Job Portal version 1.0 allows an authenticated user to bypass file upload restrictions. This flaw enables the user to upload unauthorized files which can lead to the execution of remote code through a webshell. Such an attack could compromise the server, exposing sensitive data and potentially leading to unauthorized control over the affected system. Organizations using this version of the Job Portal should take immediate action to mitigate this risk.",PHPgurukul,Job Portal,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-05T12:49:52.618Z,0
CVE-2020-10225,https://securityvulnerability.io/vulnerability/CVE-2020-10225,,"An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.",PHPgurukul,Job Portal,9.8,CRITICAL,0.005520000122487545,false,,false,false,false,,,false,false,,2020-03-08T22:11:43.000Z,0