Online Job Portal
Monthly
CodeAstro Online Job Portal 1.0 exposes file and directory information through the /users/user-cvs/ endpoint via remote unauthenticated access, allowing attackers to enumerate and retrieve sensitive resume and user data. The vulnerability has publicly available exploit code and affects all versions of the application via the CPE cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:*. CVSS 5.5 with confirmed public exploit availability and EPSS exploitation probability indicates moderate real-world risk for deployments accessible over the network.
A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
CodeAstro Online Job Portal 1.0 exposes file and directory information through the /users/user-cvs/ endpoint via remote unauthenticated access, allowing attackers to enumerate and retrieve sensitive resume and user data. The vulnerability has publicly available exploit code and affects all versions of the application via the CPE cpe:2.3:a:codeastro:online_job_portal:*:*:*:*:*:*:*:*. CVSS 5.5 with confirmed public exploit availability and EPSS exploitation probability indicates moderate real-world risk for deployments accessible over the network.
A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.