HomeIntelligenceBrief
VULNERABILITY BRIEF🟠 High Vulnerability

Blind SQL Injection in OpenCATS 0.9.7.4 Risks Candidate Data and Credential Leakage

A blind SQL injection vulnerability in OpenCATS version 0.9.7.4 enables unauthenticated attackers to enumerate and retrieve data from the underlying MariaDB database, potentially exposing candidate records, user credentials, and internal configuration. Third‑party risk managers should assess exposure of any vendors using this ATS.

LiveThreat™ Intelligence · 📅 May 28, 2026· 📰 exploit-db.com
🟠
Severity
High
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
exploit-db.com

Blind SQL Injection in OpenCATS 0.9.7.4 Risks Candidate Data and Credential Leakage

What Happened — A proof‑of‑concept exploit released on Exploit‑DB (EDB‑ID 52579) demonstrates a blind SQL injection in the ajax.php endpoint of OpenCATS 0.9.7.4. The vulnerability allows an attacker to enumerate the underlying MariaDB database, extract version information, list user accounts, and retrieve password hashes.

Why It Matters for TPRM

  • Candidate personal data (résumés, contact details) can be harvested without authentication.
  • Compromised user credentials enable lateral movement into other corporate systems.
  • Many staffing agencies and HR departments rely on OpenCATS as a third‑party recruiting platform.

Who Is Affected — Professional services firms, staffing agencies, and any organization that has deployed OpenCATS ≤ 0.9.7.4 as an applicant‑tracking system (ATS).

Recommended Actions

  • Verify the OpenCATS version in use; upgrade to a patched release or apply immediate input‑validation mitigations.
  • Conduct targeted penetration testing of the ATS deployment to confirm remediation.
  • Rotate any credentials that may have been exposed and enforce strong password policies.
  • Enable database query logging and monitor for anomalous SLEEP‑based requests.

Technical Notes — The exploit abuses a blind time‑based SQL injection (IF(condition, SLEEP(1.5),0)) in the ajax.php endpoint, requiring no authentication. No CVE has been assigned (GHSA‑8mc8‑5gw6‑c7w4). Affected data includes user tables (user_name, access_level, password hashes) and can reveal the full database schema. Source: Exploit‑DB 52579

📰 Original Source
https://www.exploit-db.com/exploits/52579

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →