CVE Details
Basic Information
| Title | Campcodes Online Recruitment Management System ajax.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-06-05T19:00:17.394Z |
| Last Seen |
Product Information
| Vendor | Campcodes |
|---|---|
| Product | Online Recruitment Management System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A SQL injection vulnerability exists in Campcodes Online Recruitment Management System version 1.0. This allows remote attackers to inject malicious SQL code, potentially leading to data tampering and unauthorized access. The issue was disclosed publicly and could be exploited. |
|---|---|
| AI Severity | Medium |
| Vendor | Campcodes |
| Product | Online Recruitment Management System |
| Affected Version | 1.0 |
Affected Products
- Campcodes Online Recruitment Management System 1.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family |
References
Description
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/ajax.php?action=save_application. The manipulation of the argument position_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.