| Title | Itsourcecode Open Source Job Portal V1.0 File upload |
|---|---|
| Description | During the security review of "Open Source Job Portal", I discovered a critical unrestricted file upload vulnerability in the "/jobportal/admin/user/controller.php?action=photos" endpoint. This vulnerability stems from insufficient server-side validation that only checks the file's magic bytes (header signature). Attackers can bypass this weak check by placing an image header (e.g., GIF89a) before malicious code within a file. Therefore, attackers can upload and execute malicious server-side scripts disguised as images, leading to complete system compromise, unauthorized data access, and server takeover. Immediate remedial measures are needed to ensure system security and protect data integrity. |
| Source | https://github.com/fengbenjianmo/CVE/issues/1 |
| User | fengbenjianmo (UID 90811) |
| Submission | 09/23/2025 04:21 |
| Moderation | 09/26/2025 14:54 (3 days later) |
| Status | Accepted |
| VulDB entry | 326118 [itsourcecode Open Source Job Portal 1.0 controller.php?action=photos photo unrestricted upload] |
| Points | 20 |
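The weakness the submission describes is a validator that trusts the first bytes of the upload, so any file that starts with an image signature is accepted whatever follows. The script below is an added example in PHP, not code from the Open Source Job Portal project or from the submitter: it shows the magic-byte-only check accepting a constructed "GIF89a" + PHP polyglot, and beside it a hardened store routine whose safety does not rest on the content check at all. The function names, the size cap, the storage directory and the constructed upload are assumptions made for the example.

```php
<?php
// Added example, not code from the Open Source Job Portal project. The function
// names, size cap, storage directory and the constructed upload are assumptions
// used only to illustrate the check described in the submission.

// Vulnerable pattern: the only server-side check is whether the first bytes
// match a known image signature. A file whose content is "GIF89a" followed by
// PHP source passes unchanged, and if it is stored under a client-chosen
// name such as shell.php inside the web root, the server executes it.
function accept_by_magic_bytes(string $tmpPath): bool
{
    $head = file_get_contents($tmpPath, false, null, 0, 8);
    if ($head === false) {
        return false;
    }
    foreach (["GIF87a", "GIF89a", "\x89PNG\r\n\x1a\n", "\xFF\xD8\xFF"] as $sig) {
        if (strncmp($head, $sig, strlen($sig)) === 0) {
            return true;
        }
    }
    return false;
}

// Hardened pattern. The signature check is kept, but the outcome no longer
// depends on it: the extension must be on a fixed allowlist, the signature must
// match that extension, the stored filename is generated by the server, and the
// file goes to a directory the web server never executes scripts from. Even a
// fully valid GIF that also carries PHP in a comment block then ends up as
// inert bytes named <random>.gif. Note that getimagesize() is not a stronger
// content check: it only parses header fields, so it too accepts "GIF89a" + script.
function store_photo_hardened(string $tmpPath, string $clientName, string $storageDir): ?string
{
    $allowed = [
        'gif'  => 'GIF8',
        'png'  => "\x89PNG",
        'jpg'  => "\xFF\xD8\xFF",
        'jpeg' => "\xFF\xD8\xFF",
    ];
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;                                  // .php, .phtml, .phar, ... all rejected here
    }
    $head = file_get_contents($tmpPath, false, null, 0, 8);
    if ($head === false || strncmp($head, $allowed[$ext], strlen($allowed[$ext])) !== 0) {
        return null;                                  // extension and signature must agree
    }
    if (filesize($tmpPath) > 2 * 1024 * 1024) {       // assumed policy: 2 MiB cap on profile photos
        return null;
    }
    $dest = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // A request handler would use move_uploaded_file(); copy() lets this run from the CLI.
    return copy($tmpPath, $dest) ? $dest : null;
}

// Constructed polyglot upload: an image signature followed by PHP source.
$polyglot = "GIF89a" . "<?php echo 'runs only if served through the PHP handler'; ?>";
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, $polyglot);

// Storage directory standing in for a location outside the web root.
$storage = sys_get_temp_dir() . '/photos-' . bin2hex(random_bytes(4));
mkdir($storage, 0700);

// The weak check accepts the polyglot regardless of the name the client sent.
var_dump(accept_by_magic_bytes($tmp));

// The hardened routine refuses the client's script extension outright ...
var_dump(store_photo_hardened($tmp, 'shell.php', $storage));

// ... and when the client picks an allowlisted extension, the same bytes are
// stored only under a server-generated .gif name in the non-executing directory.
$stored = store_photo_hardened($tmp, 'shell.gif', $storage);
var_dump($stored !== null && substr($stored, -4) === '.gif');

unlink($tmp);
if ($stored !== null) {
    unlink($stored);
}
rmdir($storage);
```

Run it with `php` from the command line. The third case is the one to take away: content validation still passes the polyglot, and that is expected, because a correctly formed GIF can carry arbitrary bytes in a comment extension. What stops execution is that the attacker never controls the stored name or extension and the directory is not served through the PHP handler, so an `AddHandler`-style misconfiguration or a double-extension trick has nothing to work with.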