| शीर्षक | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls |
|---|
| विवरण | A vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. The application stores user resumes in a publicly accessible directory (/users/user-cvs/) without enforcing authentication or authorization checks.
An unauthenticated attacker can directly access and download any user's resume by requesting the file URL. Additionally, directory listing is enabled, allowing attackers to enumerate all uploaded resumes without needing to guess filenames.
This results in exposure of sensitive personal information such as names, contact details, and employment history. |
|---|
| स्रोत | ⚠️ https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure |
|---|
| उपयोगकर्ता | imad alvi (UID 97088) |
|---|
| सबमिशन | 07/04/2026 11:36 PM (20 दिन पहले) |
|---|
| संयम | 26/04/2026 09:46 AM (18 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 359646 [CodeAstro Online Job Portal 1.0 /users/user-cvs/ सूचना का प्रकटीकरण] |
|---|
| अंक | 20 |
|---|