Multiple vulnerabilities in Job Portal

Posted date 05/09/2024
Importance
5 - Critical
Affected Resources

Job Portal, 1.0 version.

Description

INCIBE has coordinated the publication of 11 vulnerabilities: 8 of critical severity and 3 of medium severity, affecting version 1.0 of Job Portal of PHPGurukul, an online job portal developed in PHP and MySQL, and which have been discovered by Rafael Pedrero.

These vulnerabilities have been assigned the following codes, CVSS v3.1 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2024-8463: 9.9 | CVSS:3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | CWE-434.
  • CVE-2024-8464 to CVE-2024-8470: 9.8 | CVSS:3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89.
  • CVE-2024-8471 to CVE-2024-8473: 6.3 | CVSS:3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79.
Solution

There is no reported solution at this time.

Detail
  • File upload restriction bypass vulnerability, the exploitation of which could allow an authenticated user to execute an RCE via webshell. Identifier CVE-2024-8463 has been assigned for this vulnerability.
  • SQL injection vulnerability, by which an attacker could send a specially designed query to the server and retrieve all the information stored in it. The list of assigned parameters and identifiers is as follows:
    • CVE-2024-8464: JOBREGID parameter in /jobportal/admin/applicants/controller.php.
    • CVE-2024-8465: user_id parameter in /jobportal/admin/user/controller.php.
    • CVE-2024-8466: CATEGORY parameter in /jobportal/admin/category/controller.php.
    • CVE-2024-8467: id parameter in /jobportal/admin/category/index.php.
    • CVE-2024-8468: search parameter in /jobportal/index.php.
    • CVE-2024-8469: id parameter in /jobportal/admin/employee/index.php.
    • CVE-2024-8470: CATEGORY parameter in /jobportal/admin/vacancy/controller.php.
  • Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user. The list of parameters and assigned identifiers is as follows:
    • CVE-2024-8471: JOBID and USERNAME parameters in /jobportal/process.php.
    • CVE-2024-8472: multiple parameters in /jobportal/index.php.
    • CVE-2024-8473: user_email parameter in /jobportal/admin/login.php.