CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

Problem type

Affected products

CodeAstro

Online Job Portal

1.0 - AFFECTED

References

VDB-359608 | CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection

https://vuldb.com/vuln/359608

vdb-entrytechnical-description

VDB-359608 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/359608/cti

signaturepermissions-required

Submit #797969 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 SQL Injection

https://vuldb.com/submit/797969

third-party-advisory

github.com

https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-SQLi-Delete-All.git

exploit

codeastro.com

https://codeastro.com/

product

GitHub Security Advisories

GHSA-jcx4-v267-76fg

A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is...

https://github.com/advisories/GHSA-jcx4-v267-76fg

nvd.nist.gov

https://nvd.nist.gov/vuln/detail/CVE-2026-7028

codeastro.com

https://codeastro.com

github.com

https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-SQLi-Delete-All.git

vuldb.com

https://vuldb.com/submit/797969

vuldb.com

https://vuldb.com/vuln/359608

vuldb.com

https://vuldb.com/vuln/359608/cti

github.com

https://github.com/advisories/GHSA-jcx4-v267-76fg

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-7028

Click to expand

{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-7028",
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "dateUpdated": "2026-04-26T08:45:11.264Z",
    "dateReserved": "2026-04-25T14:18:13.673Z",
    "datePublished": "2026-04-26T08:45:11.264Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB",
        "dateUpdated": "2026-04-26T08:45:11.264Z"
      },
      "title": "CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection",
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "affected": [
        {
          "vendor": "CodeAstro",
          "product": "Online Job Portal",
          "modules": [
            "All Jobs Page"
          ],
          "versions": [
            {
              "version": "1.0",
              "status": "affected"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "SQL Injection",
              "cweId": "CWE-89",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Injection",
              "cweId": "CWE-74",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://vuldb.com/vuln/359608",
          "name": "VDB-359608 | CodeAstro Online Job Portal All Jobs delete-jobs.php sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ]
        },
        {
          "url": "https://vuldb.com/vuln/359608/cti",
          "name": "VDB-359608 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ]
        },
        {
          "url": "https://vuldb.com/submit/797969",
          "name": "Submit #797969 | CodeAstro Online Job Portal Project in PHP MySQL  1.0 SQL Injection",
          "tags": [
            "third-party-advisory"
          ]
        },
        {
          "url": "https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-SQLi-Delete-All.git",
          "tags": [
            "exploit"
          ]
        },
        {
          "url": "https://codeastro.com/",
          "tags": [
            "product"
          ]
        }
      ],
      "metrics": [
        {},
        {
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV3_0": {
            "version": "3.0",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM"
          }
        },
        {
          "cvssV2_0": {
            "version": "2.0",
            "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "baseScore": 5.8
          }
        }
      ],
      "timeline": [
        {
          "time": "2026-04-25T00:00:00.000Z",
          "lang": "en",
          "value": "Advisory disclosed"
        },
        {
          "time": "2026-04-25T02:00:00.000Z",
          "lang": "en",
          "value": "VulDB entry created"
        },
        {
          "time": "2026-04-25T16:23:18.000Z",
          "lang": "en",
          "value": "VulDB entry last update"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "imad alvi (VulDB User)",
          "type": "reporter"
        }
      ]
    }
  }
}