{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-11127","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-11-12T07:18:29.191Z","datePublished":"2024-11-12T15:00:09.579Z","dateUpdated":"2024-11-12T15:57:15.318Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-11-12T15:00:09.579Z"},"title":"code-projects Job Recruitment admin.php sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"code-projects","product":"Job Recruitment","versions":[{"version":"1.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in code-projects Job Recruitment up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin.php. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"In code-projects Job Recruitment bis 1.0 wurde eine kritische Schwachstelle ausgemacht. Es geht um eine nicht näher bekannte Funktion der Datei admin.php. Durch Beeinflussen des Arguments userid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-11-12T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-11-12T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-11-12T10:31:14.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"li_12138 (VulDB User)","type":"reporter"},{"lang":"en","value":"li_12138 (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.283975","name":"VDB-283975 | code-projects Job Recruitment admin.php sql injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.283975","name":"VDB-283975 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.441841","name":"Submit #441841 | code-projects Job-recruitment-in-php v1.0 Sql Injection And write Trojans","tags":["third-party-advisory"]},{"url":"https://github.com/ljllll123/cve/blob/main/sql-1.md","tags":["exploit"]},{"url":"https://code-projects.org/","tags":["product"]}]},"adp":[{"affected":[{"vendor":"code-projects","product":"job_recruitment","cpes":["cpe:2.3:a:code-projects:job_recruitment:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"0","status":"affected","lessThan":"1.0","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-11-12T15:55:56.026172Z","id":"CVE-2024-11127","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-11-12T15:57:15.318Z"}}]}}