CVE-2026-15677
HIGH
7.3
CVSS 3.1
Description
A weakness has been identified in code-projects Online Job Portal 1.0. This affects an unknown function of the file /JobSeekerInsert.php. Executing a manipulation of the argument txtFile can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Metadata
Severity & Metrics
7.3
HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| code-projects | Online Job Portal | — | 1.0 |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 7.5 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR |
| 7.3 | HIGH | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 7.3 | HIGH | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R |
| 6.9 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
References (6)
- VDB-378167 | code-projects Online Job Portal JobSeekerInsert.php unrestricted upload https://vuldb.com/vuln/378167
- VDB-378167 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/378167/cti
- CVE-2026-15677 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-15677
- Submit #855977 | code-projects Online Job Portal System 1.0 Allocation of File Descriptors or Handles Without Limits or Thro https://vuldb.com/submit/855977
- https://github.com/shihuizhang-dazhi/MY-CVE/issues/6
- https://code-projects.org/