| Title | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls |
|---|
| Description | A vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. The application stores user resumes in a publicly accessible directory (/users/user-cvs/) without enforcing authentication or authorization checks.
An unauthenticated attacker can directly access and download any user's resume by requesting the file URL. Additionally, directory listing is enabled, allowing attackers to enumerate all uploaded resumes without needing to guess filenames.
This results in exposure of sensitive personal information such as names, contact details, and employment history. |
|---|
| Source | ⚠️ https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure |
|---|
| User | imad alvi (UID 97088) |
|---|
| Submission | 04/07/2026 23:36 (20 days ago) |
|---|
| Moderation | 04/26/2026 09:46 (18 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 359646 [CodeAstro Online Job Portal 1.0 /users/user-cvs/ file information disclosure] |
|---|
| Points | 20 |
|---|