Phpgurukul Job Portal 1.0: Security Vulnerabilities
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encoded. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-09-05
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encoded. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through the user_email parameter in /jobportal/admin/login.php.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-09-05
SQL injection vulnerability, by which an attacker could send a specially crafted query through the id parameter in /jobportal/admin/employee/index.php and retrieve all the information stored in the database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05
SQL injection vulnerability, by which an attacker could send a specially crafted query through the CATEGORY parameter in /jobportal/admin/vacancy/controller.php and retrieve all the information stored in the database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05
Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encoded. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through the JOBID and USERNAME parameters in /jobportal/process.php.
CVSS Score: 6.3 | EPSS Score: 0.001 | Published: 2024-09-05
SQL injection vulnerability, by which an attacker could send a specially crafted query through the user_id parameter in /jobportal/admin/user/controller.php and retrieve all the information stored in the database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05
SQL injection vulnerability, by which an attacker could send a specially crafted query through the CATEGORY parameter in /jobportal/admin/category/controller.php and retrieve all the information stored in the database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05
SQL injection vulnerability, by which an attacker could send a specially crafted query through the id parameter in /jobportal/admin/category/index.php and retrieve all the information stored in the database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05
SQL injection vulnerability, by which an attacker could send a specially crafted query through the search parameter in /jobportal/index.php and retrieve all the information stored in the database.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2024-09-05
File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to achieve remote code execution (RCE) via a webshell.
CVSS Score: 9.9 | EPSS Score: 0.002 | Published: 2024-09-05



Shodan ® - All rights reserved