| 제목 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls |
|---|
| 설명 | A vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. The application stores user resumes in a publicly accessible directory (/users/user-cvs/) without enforcing authentication or authorization checks.
An unauthenticated attacker can directly access and download any user's resume by requesting the file URL. Additionally, directory listing is enabled, allowing attackers to enumerate all uploaded resumes without needing to guess filenames.
This results in exposure of sensitive personal information such as names, contact details, and employment history. |
|---|
| 원천 | ⚠️ https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure |
|---|
| 사용자 | imad alvi (UID 97088) |
|---|
| 제출 | 2026. 04. 07. PM 11:36 (20 날 ago) |
|---|
| 모더레이션 | 2026. 04. 26. AM 09:46 (18 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 359646 [CodeAstro Online Job Portal 1.0 /users/user-cvs/ 정보 공개] |
|---|
| 포인트들 | 20 |
|---|