| Title | Itsourcecode Open Source Job Portal V1.0 File upload |
| --- | --- |
| Description | During the security review of "Open Source Job Portal", I discovered a critical unrestricted file upload vulnerability in the "/jobportal/admin/user/controller.php?action=photos" endpoint. This vulnerability stems from insufficient server-side validation that only checks the file's magic bytes (header signature). Attackers can bypass this weak check by embedding image headers (e.g., GIF89a) preceding malicious code within a file. Therefore, attackers can upload and execute malicious server-side scripts disguised as images, leading to complete system compromise, unauthorized data access, and server takeover. Immediate remedial measures are needed to ensure system security and protect data integrity. |
| Source | https://github.com/fengbenjianmo/CVE/issues/1 |
| User | fengbenjianmo (UID 90811) |
| Submission | 23.09.2025 04:21 (7 months ago) |
| Moderation | 26.09.2025 14:54 (3 days later) |
| Status | Accepted |
| VulDB Entry | 326118 [itsourcecode Open Source Job Portal 1.0 controller.php?action=photos photo privilege escalation] |
| Points | 20 |
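The weakness the report describes is a check that accepts any upload whose first bytes match an image signature. As an added example, not code from the project or from the report, the Python below puts that pattern beside a stricter validator that allows a single extension, walks the PNG chunk structure, verifies every chunk CRC and rejects trailing bytes; both sample files (a generated 1x1 PNG and a header-plus-script polyglot with a placeholder body) are constructed here.

```python
"""Upload validation: magic-bytes-only check beside a structural PNG check."""
import os
import struct
import zlib

ALLOWED_EXT = {".png"}          # server-side allowlist, not client-supplied type
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def weak_check(data: bytes) -> bool:
    """The pattern from the report: any file that starts like an image passes."""
    return data.startswith(b"GIF89a") or data.startswith(PNG_SIG)


def parse_png(data: bytes) -> bool:
    """Return True only if data is a well-formed PNG: signature, IHDR first,
    every chunk CRC valid, IEND last and nothing after it."""
    if not data.startswith(PNG_SIG):
        return False
    pos, first = len(PNG_SIG), True
    while pos + 12 <= len(data):            # length(4) + type(4) + crc(4)
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if len(body) != length:             # declared length runs past the file
            return False
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) != crc:
            return False
        if first and ctype != b"IHDR":
            return False
        first = False
        pos += 12 + length
        if ctype == b"IEND":
            return pos == len(data)         # appended script bytes fail here
    return False


def strict_check(filename: str, data: bytes) -> bool:
    """Extension allowlist plus full structural parse; store under a server-generated name."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXT and parse_png(data)


def make_png() -> bytes:
    """Constructed 1x1 RGB PNG used as the legitimate sample."""
    def chunk(ctype: bytes, body: bytes) -> bytes:
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\x00\x00")   # filter byte + one RGB pixel
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", idat) + chunk(b"IEND", b"")


# Constructed polyglots: an image signature followed by a placeholder script body.
GIF_POLYGLOT = b"GIF89a" + b"<?php /* constructed placeholder */ ?>"
PNG_POLYGLOT = PNG_SIG + b"<?php /* constructed placeholder */ ?>"
```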