Skip to main content

Job Portal CVE-2024-8463

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2024-09-05 cve-coordination@incibe.es
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 05, 2024 - 13:15 nvd
HIGH 8.8

DescriptionNVD

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.

AnalysisAI

File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Unrestricted File Upload (CWE-434), which allows attackers to upload malicious files that can be executed on the server. File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell. Affected products include: Phpgurukul Job Portal.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate file types server-side, store uploads outside webroot, use random filenames, scan for malware.

CVE-2023-49689 CRITICAL POC
9.8 Dec 22

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9

CVE-2023-49688 CRITICAL POC
9.8 Dec 22

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9

CVE-2023-49681 CRITICAL POC
9.8 Dec 21

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9

CVE-2023-49677 CRITICAL POC
9.8 Dec 21

Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9

CVE-2020-10225 CRITICAL POC
9.8 Mar 08

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. Rate

CVE-2024-8167 MEDIUM POC
6.9 Aug 26

A vulnerability was found in code-projects Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remot

CVE-2024-7808 MEDIUM POC
6.9 Aug 15

A vulnerability was found in code-projects Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remot

CVE-2024-7682 MEDIUM POC
6.9 Aug 12

A vulnerability was found in code-projects Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remot

CVE-2018-14082 MEDIUM POC
5.4 Jul 18

PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. Rated medium severit

CVE-2021-39337 MEDIUM POC
4.8 Oct 15

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sa

CVE-2024-8470 HIGH
7.5 Sep 05

SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /j

CVE-2024-8469 HIGH
7.5 Sep 05

SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobport

Share

CVE-2024-8463 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy