| tiêu đề | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls |
|---|
| Mô tả | A vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. The application stores user resumes in a publicly accessible directory (/users/user-cvs/) without enforcing authentication or authorization checks.
An unauthenticated attacker can directly access and download any user's resume by requesting the file URL. Additionally, directory listing is enabled, allowing attackers to enumerate all uploaded resumes without needing to guess filenames.
This results in exposure of sensitive personal information such as names, contact details, and employment history. |
|---|
| Nguồn | ⚠️ https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure |
|---|
| Người dùng | imad alvi (UID 97088) |
|---|
| Đệ trình | 07/04/2026 23:36 (cách đây 2 các tháng) |
|---|
| Kiểm duyệt | 26/04/2026 09:46 (18 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 359646 [CodeAstro Online Job Portal 1.0 /users/user-cvs/ tiết lộ thông tin] |
|---|
| điểm | 20 |
|---|