An independent security researcher from Egypt has found two major flaws in the Jobvite website that could be used by an attacker to compromise the company’s web server. The company has not acknowledged the SQL injection (SQLi) flaw, nor has it fixed it. The site is also still vulnerable to the LFI (local file inclusion) vulnerability, which he considers one of the best security vulnerabilities he has ever discovered. Fouad reported the critical flaws to the company three months ago, but the company has not fixed them so far.
Source: https://thehackernews.com/2014/08/jobvite-recruitment-service-website_4.html

