CodeAstro Online Job Portal SQL Injection Vulnerability in Job Deletion Feature

Vulnerability

A SQL injection vulnerability has been identified in CodeAstro Online Job Portal version 1.0. The issue arises in the admin job deletion feature, specifically within the file '/admin/jobs-admins/delete-jobs.php'. The vulnerability allows authenticated administrators to manipulate the 'id' parameter in the SQL query, leading to unauthorized deletion of all job records in the database, rather than just a single entry.

Impact

Exploitation of this vulnerability allows authenticated users to delete all job postings from the database, causing complete data loss and disruption of service.

Reproduction

To reproduce this vulnerability, log into the admin panel and navigate to the jobs section. Once there, send a GET request to '/admin/jobs-admins/delete-jobs.php' with the 'id' parameter manipulated to include a SQL injection payload, such as '48' OR '1'='1'. This will trigger the SQL injection and result in the deletion of all job records.
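The fix is to stop building the DELETE statement from the raw 'id' value. The following handler is an added illustration written for this advisory, not code from CodeAstro Online Job Portal; it assumes a mysqli connection in $conn, a table named jobs with an integer primary key id, and that the admin session check has already run.

```php
<?php
// Added example, not the project's own code.
// Assumed (not taken from the advisory): mysqli connection $conn,
// table `jobs` with integer primary key `id`, admin session already verified.

// Unsafe pattern the advisory describes (do not use): the raw parameter is
// concatenated into the SQL text, so "48' OR '1'='1" rewrites the WHERE clause
// and every row matches:
//   $conn->query("DELETE FROM jobs WHERE id = '" . $_GET['id'] . "'");

function delete_job(mysqli $conn, $raw_id): int
{
    // Validate first: only a plain positive integer is accepted.
    // filter_var() returns false for "48' OR '1'='1" and for any non-numeric input.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return 0;
    }

    // Bind the value as a typed parameter instead of placing it in the SQL text;
    // the server treats it as data and it can never change the statement's shape.
    $stmt = $conn->prepare('DELETE FROM jobs WHERE id = ? LIMIT 1');
    if ($stmt === false) {
        http_response_code(500);
        return 0;
    }
    $stmt->bind_param('i', $id);
    $stmt->execute();

    // With the parameter bound and LIMIT 1, affected_rows is 0 or 1; a single
    // request can no longer remove the whole table.
    $deleted = $stmt->affected_rows;
    $stmt->close();
    return $deleted;
}

// Usage from delete-jobs.php, after the admin session check:
// $deleted = delete_job($conn, $_GET['id'] ?? '');
```

A state-changing action like deletion is also better served by POST with a CSRF token than by a GET link, since the advisory's request is a plain GET with a query parameter.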

Added: Apr 26, 2026, 9:19 AM
Updated: Apr 26, 2026, 9:19 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 6.1
remediation: 0.0
relevance: 6.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.