Campcodes Online Job Finder System 1.0 controller.php JOBREGID sql injection

WpisHistoryrelatejsonxmlCTI

Odkryto lukę w Campcodes Online Job Finder System 1.0. Problemem dotknięta jest nieznana funkcja w pliku /admin/applicants/controller.php. Dzięki manipulowaniu argumentem JOBREGID przy użyciu nieznanych danych wejściowych można doprowadzić do wystąpienia podatności sql injection. Raport na temat podatności został udostępniony pod adresem github.com. Podatność ta jest zwana CVE-2024-2678. Możliwe jest zdalne zainicjowanie ataku. Techniczne szczegóły są znane. Uważa się go za proof-of-concept. Exploit można ściągnąć pod adresem github.com.

3 Zmiany · 75 Punkty danych

Pole	Stworzono 2024-03-19 21:02	Update 1/2 2024-05-02 11:41	Update 2/2 2024-05-02 11:48
software_vendor	Campcodes	Campcodes	Campcodes
software_name	Online Job Finder System	Online Job Finder System	Online Job Finder System
software_version	1.0	1.0	1.0
software_file	/admin/applicants/controller.php	/admin/applicants/controller.php	/admin/applicants/controller.php
software_argument	JOBREGID	JOBREGID	JOBREGID
vulnerability_cwe	CWE-89 (sql injection)	CWE-89 (sql injection)	CWE-89 (sql injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf	https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf
source_cve	CVE-2024-2678	CVE-2024-2678	CVE-2024-2678
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1710802800 (2024-03-19)	1710802800 (2024-03-19)	1710802800 (2024-03-19)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_au	S	S	S
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_pr	L	L	L
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	6.5	6.5	6.5
cvss2_vuldb_tempscore	5.6	5.6	5.6
cvss3_vuldb_basescore	6.3	6.3	6.3
cvss3_vuldb_tempscore	5.7	5.7	5.7
cvss3_meta_basescore	6.3	6.3	6.3
cvss3_meta_tempscore	5.7	5.7	6.0
cvss4_vuldb_bscore	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1710802800 (2024-03-19)	1710802800 (2024-03-19)
cve_nvd_summary		A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability.	A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability.
cvss2_nvd_av			N
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			6.5
cvss3_cna_basescore			6.3

◂ Poprzedni Przegląd Kolejny ▸

Interested in the pricing of exploits?

See the underground prices here!