Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

PHPGurukul Job Portal

Version 1.0

MAJOR_MINOR 11 CVEs

Known Vulnerabilities

CVE-2024-8473

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php.

MEDIUM CVSS 6.3 Published Sep 05, 2024

CVE-2024-8472

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.

MEDIUM CVSS 6.3 Published Sep 05, 2024

CVE-2024-8471

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php.

MEDIUM CVSS 6.3 Published Sep 05, 2024

CVE-2024-8470

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8469

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8468

SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8467

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8466

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8465

SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8464

SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.

CRITICAL CVSS 9.8 Published Sep 05, 2024

CVE-2024-8463

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

CRITICAL CVSS 9.9 Published Sep 05, 2024