Django Job Portal
Monthly
Improper access control in manjurulhoque's django-job-portal allows authenticated remote attackers to manipulate the `role` argument via the `EditEmployeeProfileAPIView` endpoint, enabling unauthorized privilege escalation within the Employee Dashboard. All commits up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f are affected under a rolling release model with no fixed version available. A publicly available proof-of-concept exploit exists via GitHub issue #91; the project maintainer has not responded to disclosure and no patch has been released.
Improper access control in manjurulhoque's django-job-portal allows authenticated remote attackers to manipulate the `role` argument via the `EditEmployeeProfileAPIView` endpoint, enabling unauthorized privilege escalation within the Employee Dashboard. All commits up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f are affected under a rolling release model with no fixed version available. A publicly available proof-of-concept exploit exists via GitHub issue #91; the project maintainer has not responded to disclosure and no patch has been released.