CVE-2024-7808
Published: 15 August 2024
Summary
CVE-2024-7808 is a medium-severity SQL Injection (CWE-89) vulnerability in Fabian Job Portal. Its CVSS base score is 6.9 (Medium).
Operationally, it ranks in the top 8.6% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
CVE-2024-7808 is a SQL injection vulnerability in code-projects Job Portal version 1.0. It resides in an unspecified function within the logindbc.php file, where unsanitized input to the email argument is passed directly into database queries. The flaw is tracked under CWE-89 and carries a CVSS 4.0 score of 6.9, reflecting network-accessible attack conditions with low complexity and no required privileges or user interaction.
Unauthenticated remote attackers can supply crafted input to the email parameter and trigger arbitrary SQL commands against the backend database. Successful exploitation can result in unauthorized data disclosure, modification, or limited integrity and availability impacts on the affected portal instance. Public proof-of-concept code has been released, enabling straightforward reproduction of the attack.
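To make the weakness class concrete for defenders, the following PHP is an added illustration and is not code from the Job Portal project, from logindbc.php, or from the disclosing researchers. It shows the CWE-89 pattern the advisory describes (request-supplied e-mail concatenated into SQL text) next to the same lookup done with a PDO prepared statement. The table name `users`, the columns `id`, `email` and `password_hash`, and the use of an in-memory SQLite database for the demonstration are assumptions made for the example.

```php
<?php
// Added example, not the Job Portal project's code. Table/column names
// (users, id, email, password_hash) are assumptions for illustration.
declare(strict_types=1);

// Vulnerable pattern (CWE-89): the user-controlled value becomes part of
// the SQL text, so the database parses it as query syntax. Shown for
// contrast only; it is never called below.
function findUserUnsafe(PDO $db, string $email): ?array
{
    $sql = "SELECT id, email, password_hash FROM users WHERE email = '" . $email . "'";
    $result = $db->query($sql);
    $row = $result === false ? false : $result->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hardened version: the query text is fixed at prepare time and the value
// travels as a bound parameter, so it can never change the query structure.
function findUserSafe(PDO $db, string $email): ?array
{
    $stmt = $db->prepare('SELECT id, email, password_hash FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login check: validate the shape of the input first (defence in depth,
// not a substitute for parameterisation), then compare the password
// against the stored hash in PHP rather than inside the SQL statement.
function login(PDO $db, string $email, string $password): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $user = findUserSafe($db, $email);
    return $user !== null && password_verify($password, $user['password_hash']);
}

// Self-contained demonstration on an in-memory SQLite database with a
// constructed sample account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (email, password_hash) VALUES (:e, :h)');
$ins->execute([':e' => 'alice@example.com', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(login($db, 'alice@example.com', 'correct horse'));
var_dump(login($db, 'alice@example.com', 'wrong password'));
```

The mitigation that matters is the prepared statement in `findUserSafe`: input validation and escaping helpers reduce exposure but do not remove the weakness, whereas binding the value keeps it out of the query parser entirely. Running the script requires PHP with the `pdo_sqlite` extension.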
The listed references consist of disclosure entries on VulDB and a GitHub issue that document the flaw and its discovery but contain no vendor advisory, patch details, or mitigation guidance. The associated EPSS score has remained flat at 0.0660 with no material increase since publication.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-48662
Vulnerability details
A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file logindbc.php. The manipulation of the argument email leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.