Submit #797515: CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controlsinfo

TitleCodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls
DescriptionA vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. An authenticated employer can delete job postings belonging to other employers by manipulating the id parameter in a GET request to /jobs/job-delete.php. No ownership verification is performed server-side before processing the deletion request.
Source⚠️ https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-IDOR.git
User
 imad alvi (UID 97088)
Submission04/06/2026 00:54 (3 months ago)
Moderation04/13/2026 10:50 (7 days later)
StatusAccepted
VulDB entry357123 [CodeAstro Online Job Portal 1.0 Delete Job Posting /jobs/job-delete.php ID access control]
Points19

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!