| 标题 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls |
|---|
| 描述 | A vulnerability was found in CodeAstro Online Job Portal Project in PHP MySQL 1.0. The application stores user resumes in a publicly accessible directory (/users/user-cvs/) without enforcing authentication or authorization checks.
An unauthenticated attacker can directly access and download any user's resume by requesting the file URL. Additionally, directory listing is enabled, allowing attackers to enumerate all uploaded resumes without needing to guess filenames.
This results in exposure of sensitive personal information such as names, contact details, and employment history. |
|---|
| 来源 | ⚠️ https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure |
|---|
| 用户 | imad alvi (UID 97088) |
|---|
| 提交 | 2026-04-07 23時36分 (2 月前) |
|---|
| 管理 | 2026-04-26 09時46分 (18 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 359646 [CodeAstro Online Job Portal 1.0 /users/user-cvs/ 信息公开] |
|---|
| 积分 | 20 |
|---|