CVE-2025-1162
Published: 10 February 2025
Description
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /\_parse/load\_user-profile.php. The manipulation of the argument userhash leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Security Summary
CVE-2025-1162 is a critical SQL injection vulnerability (CWE-74, CWE-89) in code-projects Job Recruitment 1.0, published on 2025-02-10. It affects an unknown part of the file /_parse/load_user-profile.php, where manipulation of the userhash argument enables the injection. The vulnerability carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
An attacker with low privileges can exploit this remotely by manipulating the userhash parameter, leading to SQL injection. Successful exploitation may result in low-level impacts to confidentiality, integrity, and availability, as indicated by the CVSS vector.
Advisories and related details are available via VulDB entries (https://vuldb.com/?ctiid.295065, https://vuldb.com/?id.295065, https://vuldb.com/?submit.494007), the project site (https://code-projects.org/), and a publicly disclosed exploit in https://github.com/J0hnFFFF/j0hn_upload_two/blob/main/web1.pdf. No specific patches or mitigations are detailed in the provided information.
The exploit has been disclosed to the public and may be used in attacks.
Details
- CWE(s)