Описание
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:humanica:humatrix_7:1.0.0.203:*:*:*:*:*:*:*
cpe:2.3:a:humanica:humatrix_7:1.0.0.681:*:*:*:*:*:*:*
EPSS
Процентиль: 76%
0.00986
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
github
больше 3 лет назад
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.
EPSS
Процентиль: 76%
0.00986
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306