RSS   Vulnerabilities for 'Job fair'   RSS

2021-11-10
 
CVE-2021-43564

CWE-200
 

 
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).

 
2015-06-16
 
CVE-2015-4606

 

 
Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.

 


Copyright 2024, cxsecurity.com

 

Back to Top