Job Portal Website Vulnerable to SQL Injection Attacks – Protect Your Data

CVE: CVE-2023-49683
CVSS (v3.1): 9.8
Source: CVE-2023-49683

The Job Portal v1.0 website has been found vulnerable to SQL Injection attacks. SQL Injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution by the backend database.

Attackers can exploit SQL Injection vulnerabilities to view, modify or delete sensitive data in the backend database, such as user credentials and payment details. In this case, the ‘txtDesc’ parameter of the Employer/InsertWalkin.php page in Job Portal v1.0 is not sanitized before it is used in a SQL query, so an attacker can craft input that alters the query and gain unauthorized access to the database.

Until the site is fixed, users should avoid entering sensitive information such as banking details on the vulnerable website. The website owners should patch the vulnerability immediately by validating all user input and using prepared statements for every database query. Users are also advised to use strong, unique passwords for each online account so that a breach of this site cannot be turned into credential stuffing against others; regular password changes and two-factor authentication, wherever available, are recommended as well.
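The fix the advice above calls for, as an added illustration that is not the Job Portal project's own code: a hypothetical reconstruction of the vulnerable concatenation pattern in InsertWalkin.php next to the same insert written with a mysqli prepared statement. The table name `walkin`, the column `description`, the connection details and the 2000-character limit are assumptions.

```php
<?php
// Added example, not Job Portal source. Table/column names, credentials and
// the length limit are assumptions for illustration only.
declare(strict_types=1);

// Make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'jobportal', 'secret', 'jobportal'); // assumed
$db->set_charset('utf8mb4');

// Vulnerable pattern (the defect the advisory describes): the request value is
// concatenated straight into the statement, so quotes or SQL syntax inside
// txtDesc change the meaning of the query the database executes.
function insert_walkin_vulnerable(mysqli $db, string $txtDesc): bool
{
    $sql = "INSERT INTO walkin (description) VALUES ('" . $txtDesc . "')";
    return $db->query($sql) !== false;
}

// Hardened form: the query text and the value travel to the server
// separately, so txtDesc is only ever treated as data, never parsed as SQL.
function insert_walkin_safe(mysqli $db, string $txtDesc): bool
{
    // Server-side validation of the free-text field (2000 chars is assumed).
    if ($txtDesc === '' || mb_strlen($txtDesc) > 2000) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO walkin (description) VALUES (?)');
    $stmt->bind_param('s', $txtDesc);   // 's' = bind as a string parameter
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Request handling: reject invalid input instead of inserting it.
$desc = $_POST['txtDesc'] ?? '';
if (!insert_walkin_safe($db, $desc)) {
    http_response_code(400);
    exit('Invalid description');
}
```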
