vendor:
Job Portal
by:
Tib3rius
7.5
CVSS
HIGH
Remote Code Execution
94
CWE
Product Name: Job Portal
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:phpgurukul:job_portal:1.0
Platforms Tested: Ubuntu 16.04
2020
Job Portal 1.0 – Remote Code Execution
This exploit allows an attacker to execute arbitrary code remotely on the Job Portal 1.0 application. The attacker can upload a PHP web shell and then execute commands on the target server.
Mitigation:
To mitigate this vulnerability, the vendor should implement proper input validation and access controls. Additionally, the server should have strict permissions on writable directories.
