← back
CVE-2026-7071

CodeAstro Online Job Portal user-cvs file information disclosure

CVSS 6.9 MEDIUMEPSS 0.4%CWE-200CWE-538
A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
CodeAstro · Online Job Portal
public PoCs found1
cve_referencegithub.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposureunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://codeastro.com/https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposurehttps://vuldb.com/submit/799236https://vuldb.com/vuln/359646https://vuldb.com/vuln/359646/cti