19 matches found
CVE-2021-47936
OpenCATS 0.9.4 is affected by a remote code execution vulnerability. Unauthenticated attackers can upload PHP payloads disguised as resume attachments via the careers job application endpoint and then execute commands by accessing the uploaded file. The CVE description in the connected sources co...
CVE-2021-47936 OpenCATS 0.9.4 Remote Code Execution via Resume Upload
OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by uploading malicious PHP files disguised as resume attachments. Attackers can upload PHP payloads through the careers job application endpoint and execute system...
SUSE CVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
CVE-2026-22786
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. In the breakpointcontinue.go file, the MakeFile function accepts a fileName...
EUVD-2026-2000
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal...
Gin-vue-admin has arbitrary file upload vulnerability caused by path traversal
Impact Gin-vue-admin = v2.8.7 has a path traversal vulnerability in the breakpoint resume upload functionality. Attacker can upload any files on any directory. Path traversal vulnerabilities occur when a web application accepts user-supplied file paths without proper validation, allowing attacker...
Arbitrary File Upload
Overview github.com/flipped-aurora/gin-vue-admin/server/utils is a Vue-based admin system Affected versions of this package are vulnerable to Arbitrary File Upload via the MakeFile function in the breakpoint resume upload process. An attacker can write arbitrary files to any directory by supplyin...
PT-2026-2304
Name of the Vulnerable Software and Affected Versions Gin-vue-admin versions prior to 2.8.8 Description Gin-vue-admin, a backstage management system based on vue and gin, contains a path traversal issue in the breakpoint resume upload functionality. The vulnerability exists because the MakeFile...
Job Castle 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Job Castle v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64...
CVE-2024-7450
A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resumeupload.php of the component Image Handler. The manipulation of the argument fileToUpload leads to unrestricted...
Placement Management System 代码问题漏洞
Placement Management System is an itsourcecode open source placement management system. A code issue exists in version 1.0 of the Placement Management System, which is caused by an unrestricted file upload vulnerability in the fileToUpload parameter of the Image Handler component of the...
CVE-2023-2751
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resumeuploadform shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site...
WordPress Plugin Upload Resume 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
OpenCats 0.9.4 XML Injection Vulnerability
Author : Raed Ahsan Platform : OpenCats Version : 0.9.4 LinkedIn : https://linkedin.com/in/raed-ahsan INSTRUCTIONS FOR EXPLOITING THE OPENCATS 0.9.4 1 Create a file called "cv.py" 2 Paste the following into the cv.py file: from docx import Document document = Document paragraph =...
CVE-2020-8440
controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...
CVE-2020-8440
controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...
74cms Cross-Site Scripting Vulnerability
74cms is a PHP and MySQL based online recruitment system of Taiyuan Xunyi Technology Co. A cross-site scripting vulnerability exists in the upload/index.php?c=resume&a=resumelist page in version 4.2.111 of 74cms, which can be exploited by a remote attacker with the help of the 'key' parameter to...
NACElink CS Manager - Persistent Web Vulnerability
Exploit for php platform in category web applications Title: ====== NACElink CS Manager - Persistent Web Vulnerability Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= NACElink Career Services Manager CSM™ offers everything you need to...
NACElink CS Manager - Persistent Web Vulnerability
Document Title: =============== NACElink CS Manager - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=488 Release Date: ============= 2012-05-16 Vulnerability Laboratory ID VL-ID: ==================================== 488 Comm...