RSS   Vulnerabilities for 'Humatrix 7'   RSS

2019-08-18
 
CVE-2019-15130

CWE-434
 

 
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.

 
 
CVE-2019-15129

CWE-200
 

 
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.

 
2019-08-12
 
CVE-2019-14932

CWE-200
 

 
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.

 

 >>> Vendor: Humanica 2 Products
Humatrix 7
Humatrix


Copyright 2024, cxsecurity.com

 

Back to Top