CVE-2023-46678: Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Tue Nov 07 2023(Updated: )
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_upass' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Projectworlds Online Job Portal | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2023-46678.
What is the severity of CVE-2023-46678?
The severity of CVE-2023-46678 is critical with a CVSS score of 9.8.
What is the affected software?
The affected software is Projectworlds Online Job Portal version 1.0.
How does CVE-2023-46678 work?
CVE-2023-46678 allows an attacker to perform multiple unauthenticated SQL injections by exploiting the 'txt_upass' parameter of the sign-up.php resource.
Are there any references for CVE-2023-46678?
Yes, you can find more information about CVE-2023-46678 at the following references: - https://fluidattacks.com/advisories/netrebko - https://projectworlds.in
- collector/nvd-api
- collector/mitre-cve
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/status
- agent/softwarecombine
- agent/first-publish-date
- vendor/projectworlds
- canonical/projectworlds online job portal
- version/projectworlds online job portal/1.0
- status/rejected