Soumettre #855976: code-projects Online Job Portal System 1.0 SQL Injectioninformation

Titrecode-projects Online Job Portal System 1.0 SQL Injection
DescriptionDuring a security review of "Online Job Portal System", critical SQL injection vulnerabilities combined with missing authorization checks were discovered across 6 administrative and employer management endpoint files. These files accept GET parameters from any unauthenticated visitor and execute arbitrary SQL operations against the database. The absence of session-based authentication checks makes these endpoints a particularly dangerous attack vector, as any anonymous internet user can delete administrators, approve employers, view private job seeker data, and manipulate news and job records through simple URL parameters.
La source⚠️ https://github.com/shihuizhang-dazhi/MY-CVE/issues/4
Utilisateur
 dazhi (UID 87857)
Soumission11/06/2026 12:53 (il y a 1 mois)
Modérer13/07/2026 23:19 (1 month later)
StatutAccepté
Entrée VulDB378166 [code-projects Online Job Portal jusqu’à 1.0 /Admin/DeleteUser.php injection SQL]
Points20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!