CVE-2023-49684

02 Jan 2024, 20:15

Type	Values Removed	Values Added
CWE	CWE-89
CVSS	v2 : unknown v3 : 9.8	v2 : unknown v3 : unknown
References	{'url': 'https://fluidattacks.com/advisories/pollini/', 'tags': ['Exploit', 'Third Party Advisory'], 'source': 'help@fluidattacks.com'} {'url': 'https://www.kashipara.com/', 'tags': ['Product'], 'source': 'help@fluidattacks.com'}
CPE	cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*
Summary	(es) Job Portal v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticadas. El parámetro 'txtTitle' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos.
Summary	(en) Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txtTitle' parameter of the Employer/InsertWalkin.php resource does not validate the characters received and they are sent unfiltered to the database.	(en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

---

27 Dec 2023, 20:48

Type	Values Removed	Values Added
CPE		cpe:2.3:a:kashipara:job_portal:1.0:*:*:*:*:*:*:*
First Time		Kashipara job Portal Kashipara
References	() https://fluidattacks.com/advisories/pollini/ -	() https://fluidattacks.com/advisories/pollini/ - Exploit, Third Party Advisory
References	() https://www.kashipara.com/ -	() https://www.kashipara.com/ - Product

---

22 Dec 2023, 12:18

Type	Values Removed	Values Added
Summary		(es) Job Portal v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticadas. El parámetro 'txtTitle' del recurso Employer/InsertWalkin.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos.

---

22 Dec 2023, 00:15

Type	Values Removed	Values Added
New CVE

---