
19 matches found

CVE
added 2026/05/10 12:43 p.m., 11 views

CVE-2021-47936

OpenCATS 0.9.4 is affected by a remote code execution vulnerability. Unauthenticated attackers can upload PHP payloads disguised as resume attachments via the careers job application endpoint and then execute commands by accessing the uploaded file. The CVE description in the connected sources co...

9.8 CVSS, 6.7 AI score, 0.00656 EPSS
Exploits: 0, References: 4

Cvelist
added 2026/05/10 12:43 p.m., 30 views

CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload

OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...

9.8 CVSS, 0.00656 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2026/01/27 12:27 a.m., 5 views

SUSE CVE-2026-22786

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. An attacker can upload any file to any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

8.6 CVSS, 5.9 AI score, 0.00938 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2026/01/13 10:52 p.m., 6 views

CVE-2026-22786

Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. An attacker can upload any file to any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...

8.6 CVSS, 7 AI score, 0.00938 EPSS
Exploits: 1, References: 1

EUVD
added 2026/01/13 7:15 p.m., 5 views

EUVD-2026-2000

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal...

8.6 CVSS, 6.7 AI score, 0.00938 EPSS
Exploits: 1, References: 3

Github Security Blog
added 2026/01/13 7:15 p.m., 16 views

Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal

Impact: Gin-vue-admin <= v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. An attacker can upload any file to any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...

8.6 CVSS, 7.6 AI score, 0.00938 EPSS
Exploits: 1, References: 4, Affected Software: 1

Snyk
added 2026/01/12 10:4 p.m., 1 views

Arbitrary File Upload

Overview: github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system. Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...

8.6 CVSS, 7.2 AI score, 0.00938 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2026/01/12 12:0 a.m., 7 views

PT-2026-2304

Name of the Vulnerable Software and Affected Versions: Gin-vue-admin versions prior to 2.8.8. Description: Gin-vue-admin, a backstage management system based on vue and gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the MakeFile...

8.6 CVSS, 6.9 AI score, 0.00938 EPSS
Exploits: 1, References: 10

Packet Storm
added 2024/08/14 12:0 a.m., 669 views

Job Castle 1.0 Arbitrary File Upload

Title : Job Castle v1.0 Remote File Upload Vulnerability | Author : indoushka | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...

7.4 AI score
Exploits: 0

OSV
added 2024/08/04 3:15 a.m., 2 views

CVE-2024-7450

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resumeupload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted...

8.7 CVSS, 6.2 AI score, 0.00625 EPSS
Exploits: 1, References: 4

CNNVD
added 2024/08/04 12:0 a.m., 1 views

Placement Management System Code Issue Vulnerability

Placement Management System is an itsourcecode open source placement management system. A code issue exists in version 1.0 of the Placement Management System, which is caused by an unrestricted file upload vulnerability in the fileToUpload parameter of the Image Handler component of the...

8.8 CVSS, 6.7 AI score, 0.00625 EPSS
Exploits: 1, References: 5

OSV
added 2023/06/19 11:15 a.m., 3 views

CVE-2023-2751

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...

5.3 CVSS, 7.4 AI score, 0.0051 EPSS
Exploits: 2, References: 1

CNNVD
added 2023/06/19 12:0 a.m., 3 views

WordPress Plugin Upload Resume Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3 CVSS, 7 AI score, 0.0051 EPSS
Exploits: 2, References: 2

0day.today
added 2021/09/21 12:0 a.m., 408 views

OpenCats 0.9.4 XML Injection Vulnerability

Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph =...

0.1 AI score
Exploits: 0

OSV
added 2020/01/31 2:15 p.m., 2 views

CVE-2020-8440

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

9.8 CVSS, 5.9 AI score, 0.02811 EPSS
Exploits: 1, References: 1

Cvelist
added 2020/01/31 1:45 p.m., 22 views

CVE-2020-8440

controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...

9.8 AI score, 0.02811 EPSS
Exploits: 1, References: 1

CNVD
added 2018/12/26 12:0 a.m., 4 views

74cms Cross-Site Scripting Vulnerability

74cms is a PHP and MySQL based online recruitment system of Taiyuan Xunyi Technology Co. A cross-site scripting vulnerability exists in the upload/index.php?c=resume&a=resumelist page in version 4.2.111 of 74cms, which can be exploited by a remote attacker with the help of the 'key' parameter to...

6.1 CVSS, 6.2 AI score, 0.00707 EPSS
Exploits: 1, References: 1

0day.today
added 2012/05/17 12:0 a.m., 26 views

NACElink CS Manager - Persistent Web Vulnerability

Exploit for php platform in category web applications. Title: NACElink CS Manager - Persistent Web Vulnerability. Common Vulnerability Scoring System: 3.5. Introduction: NACElink Career Services Manager CSM™ offers everything you need to...

7.1 AI score
Exploits: 0

Vulnerability Lab
added 2012/05/16 12:0 a.m., 14 views

NACElink CS Manager - Persistent Web Vulnerability

Document Title: NACElink CS Manager - Persistent Web Vulnerability. References Source: http://www.vulnerability-lab.com/getcontent.php?id=488. Release Date: 2012-05-16. Vulnerability Laboratory ID VL-ID: 488. Comm...

7.4 AI score
Exploits: 0