CVE-2024-7808

Severity: Medium · Public PoC available

Published: 15 August 2024
Modified: 23 October 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v4): 6.9 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0660 (91.4th percentile)
Risk Priority: 18 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-7808 is a medium-severity SQL Injection (CWE-89) vulnerability in Fabian Job Portal. Its CVSS base score is 6.9 (Medium).

Operationally, it ranks in the top 8.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

CVE-2024-7808 is a SQL injection vulnerability in code-projects Job Portal version 1.0. It resides in an unspecified function within the logindbc.php file, where unsanitized input to the email argument is passed directly into database queries. The flaw is tracked under CWE-89 and carries a CVSS 4.0 score of 6.9, reflecting network-accessible attack conditions with low complexity and no required privileges or user interaction.

Unauthenticated remote attackers can supply crafted input to the email parameter and trigger arbitrary SQL commands against the backend database. Successful exploitation can result in unauthorized data disclosure, modification, or limited integrity and availability impacts on the affected portal instance. Public proof-of-concept code has been released, enabling straightforward reproduction of the attack.

The listed references consist of disclosure entries on VulDB and a GitHub issue that document the flaw and its discovery but contain no vendor advisory, patch details, or mitigation guidance. The associated EPSS score has remained flat at 0.0660 with no material increase since publication.

Vulnerability details

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CWE(s)

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: fabian
Product: job portal
Version: 1.0

Mitigating Controls

Likely Mitigating Controls

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Penetration testing: uses SQL injection payloads against database interfaces, identifying and supporting fixes for SQL injection weaknesses (addresses CWE-89).
- Input validation: validates query inputs to prevent SQL syntax or command manipulation (addresses CWE-89).