{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-36438", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-28T15:07:54.644Z", "dateReserved": "2021-07-12T00:00:00.000Z", "datePublished": "2026-04-27T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T18:29:23.902Z"}, "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.linkedin.com/in/mohamed-elobeid-oscp-ewptxv2-crtp-cissp-mba-537ba485/"}, {"url": "https://thecyberpost.com/tools/exploits-cve/online-job-portal-in-php-pdo-1-0-sql-injection/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "references": [{"url": "https://thecyberpost.com/tools/exploits-cve/online-job-portal-in-php-pdo-1-0-sql-injection/", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T15:07:16.178432Z", "id": "CVE-2021-36438", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:07:54.644Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-36438", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T15:07:16.178432Z"}}}], "references": [{"url": "https://thecyberpost.com/tools/exploits-cve/online-job-portal-in-php-pdo-1-0-sql-injection/", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T15:07:49.408Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://www.linkedin.com/in/mohamed-elobeid-oscp-ewptxv2-crtp-cissp-mba-537ba485/"}, {"url": "https://thecyberpost.com/tools/exploits-cve/online-job-portal-in-php-pdo-1-0-sql-injection/"}], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-27T18:29:23.902Z"}}}, "cveMetadata": {"cveId": "CVE-2021-36438", "state": "PUBLISHED", "dateUpdated": "2026-04-28T15:07:54.644Z", "dateReserved": "2021-07-12T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-27T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php."}], "id": "CVE-2021-36438", "lastModified": "2026-04-28T15:16:04.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-27T19:16:10.453", "references": [{"source": "cve@mitre.org", "url": "https://thecyberpost.com/tools/exploits-cve/online-job-portal-in-php-pdo-1-0-sql-injection/"}, {"source": "cve@mitre.org", "url": "https://www.linkedin.com/in/mohamed-elobeid-oscp-ewptxv2-crtp-cissp-mba-537ba485/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://thecyberpost.com/tools/exploits-cve/online-job-portal-in-php-pdo-1-0-sql-injection/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "online_job_portal_phppdo", "vendor": "sourcecodester"}], "analysis": {"en": {"generated_at": "2026-04-28T23:32:10.191191+00:00", "value": {"mitigation_remediation": ["Upgrade to a patched version of Sourcecodester Online Job Portal phppdo", "Validate and whitelist the category parameter to allow only legitimate values", "Refactor database queries to use prepared statements with parameter binding", "Limit the database user privileges to the minimum necessary"], "summary": {"action": "Apply Patch", "impact": "Data exposure through SQL injection"}, "threat_synthesis": {"affected_systems": "Sourcecodester Online Job Portal phppdo version 1.0. No other vendors or product versions are documented as affected in the CVE record.", "description_and_impact": "The vulnerability is a classic SQL injection flaw located in the category parameter of /jobportal/index.php in Sourcecodester Online Job Portal phppdo 1.0. By supplying crafted input, an attacker can inject arbitrary SQL statements that are executed against the database, potentially allowing the attacker to read sensitive applicant data, alter job listings, or delete records, thereby compromising confidentiality, integrity, and availability of the portal data.", "risk_and_exploitability": "The EPSS score is less than 1% and the vulnerability is not listed in CISA's KEV catalog, indicating no confirmed exploitation reports to date. The CVSS score of 6.5 denotes a moderate severity. The vulnerability can be triggered through an HTTP request to the job portal; since the description does not mention authentication, it is inferred that no authentication is required to reach the vulnerable parameter. Consequently, an adversary with network access to the web application could potentially exploit the flaw with low effort. No other mitigations are reported aside from patching or code changes."}}}}, "created": "2026-04-28T09:17:37.741383+00:00", "updated": "2026-04-28T23:45:16.045040+00:00", "vendors": ["sourcecodester", "sourcecodester$PRODUCT$online_job_portal_phppdo"]}