CVE-2024-11077: code-projects Job Recruitment index.php sql injection
First published: Mon Nov 11 2024(Updated: )
A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Anisha Job Recruitment | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11077?
CVE-2024-11077 is classified as a critical vulnerability.
How does CVE-2024-11077 affect job recruitment software?
CVE-2024-11077 allows SQL injection attacks through the manipulation of the email argument in the index.php file.
Is remote exploitation possible with CVE-2024-11077?
Yes, CVE-2024-11077 can be exploited remotely.
What version of Job Recruitment is affected by CVE-2024-11077?
CVE-2024-11077 affects version 1.0 of Anisha Job Recruitment.
How can I fix the vulnerability identified by CVE-2024-11077?
To fix CVE-2024-11077, sanitize input fields in the application to prevent SQL injection.
- agent/weakness
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/severity
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/anisha
- canonical/anisha job recruitment
- version/anisha job recruitment/1.0