| Title | Itsourcecode Open Source Job Portal V1.0 File upload |
|---|---|
| Description | During the security review of "Open Source Job Portal", I discovered a critical unrestricted file upload vulnerability in the "/jobportal/admin/user/controller.php?action=photos" endpoint. This vulnerability stems from insufficient server-side validation that only checks the file's magic bytes (header signature). Attackers can bypass this weak check by embedding image headers (e.g., GIF89a) preceding malicious code within a file. Therefore, attackers can upload and execute malicious server-side scripts disguised as images, leading to complete system compromise, unauthorized data access, and server takeover. Immediate remedial measures are needed to ensure system security and protect data integrity. |
| Source | https://github.com/fengbenjianmo/CVE/issues/1 |
| User | fengbenjianmo (UID 90811) |
| Submitted | 23/09/2025 04:21 (7 months ago) |
| Moderated | 26/09/2025 14:54 (3 days later) |
| Status | Accepted |
| VulDB entry | 326118 [itsourcecode Open Source Job Portal 1.0 controller.php?action=photos photo privilege escalation] |
| Points | 20 |