PHPGurukul Security Vulnerabilities


CVE-2024-8465

SQL injection vulnerability, by which an attacker could send a specially designed query through the user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-09-05 01:15 PM

CVE-2024-8466

SQL injection vulnerability, by which an attacker could send a specially designed query through the CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-09-05 01:15 PM

CVE-2024-8467

SQL injection vulnerability, by which an attacker could send a specially designed query through the id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-09-05 01:15 PM

CVE-2024-8468

SQL injection vulnerability, by which an attacker could send a specially designed query through the search parameter in /jobportal/index.php, and retrieve all the information stored in it.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-09-05 01:15 PM

CVE-2024-8469

SQL injection vulnerability, by which an attacker could send a specially designed query through the id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-09-05 01:15 PM

CVE-2024-8470

SQL injection vulnerability, by which an attacker could send a specially designed query through the CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.

9.8 CVSS

9.8 AI Score

0.001 EPSS

2024-09-05 01:15 PM

CVE-2024-8471

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through the JOBID and USERNAME parameters in /jobportal/process.php.

6.3 CVSS

5.9 AI Score

0.0005 EPSS

2024-09-05 01:15 PM

CVE-2024-8472

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.

6.3 CVSS

5.9 AI Score

0.0005 EPSS

2024-09-05 01:15 PM

CVE-2024-8473

Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through the user_email parameter in /jobportal/admin/login.php.

6.3 CVSS

5.9 AI Score

0.0005 EPSS

2024-09-05 01:15 PM
Total number of security vulnerabilities: 259