| Title | code-projects Online Job Search Engine 1.0 SQL Injection |
|---|---|
| Description | A SQL Injection vulnerability exists in the username parameter of the login form in the Online Job Search Engine application. The application fails to properly sanitize user input when constructing SQL queries. Attackers can manipulate the SQL query to execute arbitrary SQL commands, including time-based payloads for testing blind SQL injection. The vulnerability exists because the application uses the outdated `mysql_*` PHP functions and relies solely on `mysql_real_escape_string` for input sanitization, which is insufficient to prevent SQL Injection in certain cases. |
| Source | https://github.com/lakshayyverma/CVE-Discovery/blob/main/Online%20Job%20Search%20Engine.md |
| User | lakshay12311 (UID 91298) |
| Submission | 10/24/2025 13:02 (4 months ago) |
| Moderation | 11/09/2025 13:48 (16 days later) |
| Status | Accepted |
| VulDB entry | 331648 [code-projects Online Job Search Engine 1.0 /login.php username/phone SQL Injection] |
| Points | 20 |