Job Portal

job_portal

Vendor: Phpgurukul • 12 CVEs

CVEs (12)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-8473 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user t...Show more Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php.Show less
CVE-2024-8472 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user t...Show more Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.Show less
CVE-2024-8471 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user t...Show more Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php.Show less
CVE-2024-8470 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.
CVE-2024-8469 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.
CVE-2024-8468 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.
CVE-2024-8467 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.
CVE-2024-8466 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.
CVE-2024-8465 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.
CVE-2024-8464 1Phpgurukul 1Job Portal Sep 6, 2024 Sep 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.
CVE-2024-8463 1Phpgurukul 1Job Portal Sep 12, 2024 Sep 5, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
CVE-2020-10225 1Phpgurukul 1Job Portal Nov 21, 2024 Mar 8, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the serv...Show more An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.Show less