Humanica - Humatrix 7 CVE

Filtered by vendor Humanica Subscribe

Filtered by product Humatrix 7

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-15130	1 Humanica	1 Humatrix 7	2021-07-21	10.0 HIGH	9.8 CRITICAL
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.

Vulnerabilities (CVE)