4 matches found
CVE-2026-7071 CodeAstro Online Job Portal user-cvs file information disclosure
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has...
CVE-2024-13372
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.6 via the getresumefiledownloadbyid and getallresumefiles functions due to missing validation on a us...
CVE-2024-11712
CVE-2024-11712 (WP Job Portal for WordPress) Vulnerability in WP Job Portal up to version 2.2.2 allows unauthenticated access to resumes due to a missing authorization check in getResumeFileDownloadById(). Affected product: WP Job Portal – A Complete Recruitment System for WordPress. Impact: unau...
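PageAdmin design flaw allows resume enumeration
Brief description: Information is leaked. Details: With the system's default settings, guests can view users' resumes, which leads to information disclosure. The resume module parameters are the defaults; the defaults are 68 and 635. Find a demo site to test on. Access directly: http://demo.pageadmin.net/index.aspx?lanmuid=68&sublanmuid=635&id=1 http://demo.pageadmin.net/index.aspx?lanmuid=68&sublanmuid=635&id=2 .... // iterate over id and you can view the resume each person submitted. The user information is quite sensitive...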