Humanica Humatrix 7 vulnerabilities
3 known vulnerabilities affecting humanica/humatrix_7.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2019-15130 | P2 | CRITICAL | CVSS 9.8 | CWE-330 | v1.0.0.203, v1.0.0.681 | 2019-08-18
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable
Source: NVD
CVE-2019-14932 | P3 | HIGH | CVSS 7.5 | CWE-639 | v1.0.0.203, v1.0.0.681 | 2019-08-12
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data.
Source: NVD
CVE-2019-15129 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | v1.0.0.203, v1.0.0.681 | 2019-08-18
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to access all candidates' files in the photo folder on the website by specifying a "user id" parameter and file name, such as in a recruitment_online/upload/user/[user_id]/photo/[file_name] URI.
Source: NVD