vendor:
Pre Job Board
by:
JosS
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Pre Job Board
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Pre Job Board (JobSearch.php) Remote SQL Injection Vulnerability
A vulnerability exists in the JobSearch.php file of the Pre Job Board software, which allows a remote attacker to inject arbitrary SQL commands. The vulnerability is due to insufficient sanitization of user-supplied input to the 'search' parameter when passed to the 'JobSearch.php' script. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Mitigation:
Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries.
