Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
Summary
| Name | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| Code name | Netrebko |
| Product | Online Job Portal |
| Vendor | Projectworlds Pvt. Limited |
| Affected versions | Version 1.0 |
| State | Public |
| Release date | 2023-11-02 |
Vulnerabilities
| Kind | Unauthenticated SQL Injections (SQLi) |
| Rule | 146. SQL Injection |
| Remote | Yes |
| CVSSv3 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVSSv3 Base Score | 9.8 |
| Exploit available | Yes |
| CVE ID(s) | CVE-2023-46677, CVE-2023-46679 |
Description
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.
Vulnerabilities
CVE-2023-46677
The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
$uname = strip_tags($_POST['txt_uname']);
$upass = strip_tags($_POST['txt_upass']);
$pic=$_FILES["img"]["name"];
...
$sql= mysqli_query($con,"insert into registration(name,email,image,password) values('$uname','$umail','$pic','$upass')");
CVE-2023-46679
The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. The vulnerable code is:
$email=$_POST["txt_uname_email"];
$pass=$_POST["txt_password"];
$sql=mysqli_query($con,"select * from registration where email='$email' and password='$pass'");
Our security policy
We have reserved the IDs CVE-2023-46677 and CVE-2023-46679 to refer to these issues from now on.
System Information
- Version: Online Job Portal v1.0
- Operating System: Any
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team.
References
Vendor page https://projectworlds.in/
Timeline
2023-10-24
Vulnerability discovered.
2023-10-24
Vendor contacted.
2023-11-02
Public Disclosure.
