CVE-2023-49688: Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
First published: Thu Dec 21 2023(Updated: )
Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtUser' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Job-portal | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-49688?
CVE-2023-49688 is rated as a critical vulnerability due to its potential for unauthorized access and data manipulation.
How do I fix CVE-2023-49688?
To mitigate CVE-2023-49688, implement input validation on the 'txtUser' parameter and use prepared statements for database queries.
What systems are affected by CVE-2023-49688?
CVE-2023-49688 affects Job Portal version 1.0 developed by Kashipara.
Can CVE-2023-49688 be exploited remotely?
Yes, CVE-2023-49688 can be exploited remotely since it involves unauthenticated SQL injection vulnerabilities.
What are the risks associated with CVE-2023-49688?
The risks include unauthorized access to sensitive data and potential alteration of database information due to SQL injection.
- agent/references
- agent/event
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/kashipara
- canonical/job-portal
- version/job-portal/1.0