Code-Projects Job Recruitment SQL Injection Vulnerability in Seeker Profile Handler

A critical SQL injection vulnerability has been identified in Code-Projects Job Recruitment version 1.0. The issue resides in the Seeker Profile Handler component, specifically within the file '_parse/_call_main_search_ajax.php'. The vulnerability is triggered by manipulating the 's1' parameter, allowing remote attackers to execute arbitrary SQL commands. This exploitation could lead to unauthorized access to sensitive information in the server's database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could result in unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a POST request to '_parse/_call_main_search_ajax.php' with a crafted 's1' parameter that includes SQL injection payloads. The request can be made using tools like Burp Suite or Postman, and should include a valid PHP session cookie.