Submit #797515: CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controlsinfo

TitelCodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls
BeschreibungA vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. An authenticated employer can delete job postings belonging to other employers by manipulating the id parameter in a GET request to /jobs/job-delete.php. No ownership verification is performed server-side before processing the deletion request.
Quelle⚠️ https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-IDOR.git
Benutzer
 imad alvi (UID 97088)
Einreichung06.04.2026 00:54 (vor 11 Tagen)
Moderieren13.04.2026 10:50 (7 days later)
StatusAkzeptiert
VulDB Eintrag357123 [CodeAstro Online Job Portal 1.0 Delete Job Posting /jobs/job-delete.php ID erweiterte Rechte]
Punkte19

ZurückÜbersichtWeiter

Interested in the pricing of exploits?

See the underground prices here!