Vulnerabilities (CVE)

Filtered by vendor Job Fair Project Subscribe
Filtered by product Job Fair
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43564 1 Job Fair Project 1 Job Fair 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).
CVE-2015-4606 1 Job Fair Project 1 Job Fair 2024-11-21 7.5 HIGH N/A
Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the extension upload folder.