{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7071", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-26T07:46:04.993Z", "datePublished": "2026-04-27T00:30:11.991Z", "dateUpdated": "2026-04-27T15:15:21.599Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T00:30:11.991Z"}, "title": "CodeAstro Online Job Portal user-cvs file information disclosure", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-538", "lang": "en", "description": "File and Directory Information Exposure"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "Information Disclosure"}]}], "affected": [{"vendor": "CodeAstro", "product": "Online Job Portal", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-26T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-26T09:51:09.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "imad alvi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/359646", "name": "VDB-359646 | CodeAstro Online Job Portal user-cvs file information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/359646/cti", "name": "VDB-359646 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/799236", "name": "Submit #799236 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure", "tags": ["exploit"]}, {"url": "https://codeastro.com/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-27T15:15:09.944566Z", "id": "CVE-2026-7071", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T15:15:21.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7071", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-27T15:15:09.944566Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-27T15:15:17.317Z"}}], "cna": {"title": "CodeAstro Online Job Portal user-cvs file information disclosure", "credits": [{"lang": "en", "type": "reporter", "value": "imad alvi (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "CodeAstro", "product": "Online Job Portal", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2026-04-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-26T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-26T09:51:09.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/359646", "name": "VDB-359646 | CodeAstro Online Job Portal user-cvs file information disclosure", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/359646/cti", "name": "VDB-359646 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/799236", "name": "Submit #799236 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure", "tags": ["exploit"]}, {"url": "https://codeastro.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-538", "description": "File and Directory Information Exposure"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "Information Disclosure"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-27T00:30:11.991Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7071", "state": "PUBLISHED", "dateUpdated": "2026-04-27T15:15:21.599Z", "dateReserved": "2026-04-26T07:46:04.993Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-27T00:30:11.991Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used."}], "id": "CVE-2026-7071", "lastModified": "2026-04-27T18:39:18.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-27T01:16:15.960", "references": [{"source": "cna@vuldb.com", "url": "https://codeastro.com/"}, {"source": "cna@vuldb.com", "url": "https://github.com/Xmyronn/CodeAstro-Job-Portal-Unauthenticated-Resume-Exposure"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/799236"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359646"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/359646/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-538"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Online Job Portal", "source": "cna", "vendor": "CodeAstro"}, "product": "online_job_portal", "vendor": "codeastro"}], "analysis": {"en": {"generated_at": "2026-04-28T04:56:46.091513+00:00", "value": {"mitigation_remediation": ["Update or patch the CodeAstro Online Job Portal to a version that removes or protects the /users/user-cvs/ directory.", "If an update is unavailable, configure the web server to deny directory listings and access to /users/user-cvs/ for all clients.", "Deploy a web application firewall or similar filtering to block requests for the exposed directory and monitor for repeated access attempts."], "summary": {"action": "Apply patch", "impact": "Information disclosure via exposed directory and file listing"}, "threat_synthesis": {"affected_systems": "The affected product is CodeAstro Online Job Portal version 1.0. No other vendors or product versions are listed in the CNA data.", "description_and_impact": "A vulnerability in CodeAstro Online Job Portal allows the /users/user-cvs/ directory to expose file and directory listings, resulting in the disclosure of user CV information and potentially other sensitive data. This flaw is associated with CWE-200 (Information Exposure) and CWE-538 (Sensitive Data Exposure). The vulnerability can be exploited from remote locations, and the exploit has already been publicly disclosed, indicating that attackers could easily use it to discover files that should remain private.", "risk_and_exploitability": "The vulnerability is scored as a 6.9 on the CVSS scale, indicating moderate severity. Its EPSS score is below 1%, suggesting a very low probability of exploitation in the short term. The flaw is not listed in the CISA KEV catalog. The attack vector is remote, likely unauthenticated, and involves accessing a publicly reachable directory that should be protected, making exploitation straightforward for an attacker who can reach the web server."}}}}, "created": "2026-04-27T18:41:59.089729+00:00", "updated": "2026-04-28T05:00:14.752912+00:00", "vendors": ["codeastro", "codeastro$PRODUCT$online_job_portal"]}