vendor:
Job Search
by:
ZoRLu
7.5
CVSS
HIGH
Remote File Upload
434
CWE
Product Name: Job Search
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
PHPStore Job Search Remote File Upload
A vulnerability in the PHPStore Job Search script allows an attacker to upload a malicious file to the server. The attacker can then access the malicious file by accessing the jobseeker_profile_images directory. The malicious file can be uploaded by adding the code 'GIF89a;' to the beginning of the malicious file and then uploading it as a profile photo. The attacker can then access the malicious file by accessing the jobseeker_profile_images directory.
Mitigation:
The vendor should ensure that all uploaded files are properly validated and sanitized before being stored on the server.
