Lucene search
K

4 matches found

OSV
OSV
added 2021/11/15 5:36 p.m.20 views

GHSA-43G8-79X3-J898 Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS7.4AI score0.00997EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2021/11/15 5:36 p.m.26 views

Unrestricted access to predictable file paths in hov/jobfair

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

7.5CVSS3.8AI score0.00997EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2021/11/10 4:15 p.m.18 views

Design/Logic Flaw

An issue was discovered in the jobfair aka Job Fair extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded...

5CVSS7.4AI score0.00997EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/11/10 3:4 p.m.69 views

CVE-2021-43564

The CVE-2021-43564 entry concerns the TYPO3 extension Job Fair (hov/jobfair). The vulnerability arises because the extension does not protect or obfuscate uploaded filenames, enabling an unauthenticated user to access sensitive data by guessing the filename (e.g., uploads/tx_jobfair/cv.pdf). Affe...

7.5CVSS7.4AI score0.00997EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder