GHSA-28f3-rf96-2vvg

Опубликовано: 22 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtPass' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2023-49687
https://fluidattacks.com/advisories/pollini
https://www.kashipara.com

9.8 Critical

CVSS3

CVE ID

CVE-2023-49687

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-49687

nvd

больше 1 года назад

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

9.8 Critical

CVSS3

CVE ID

CVE-2023-49687

Дефекты

CWE-89