CVE-2026-7071

MEDIUM

CodeAstro Online Job Portal user-cvs file information disclosure

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-7071. PoCs published by Xmyronn.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of an improper access control vulnerability in CodeAstro's Online Job Portal (PHP MySQL 1.0), allowing unauthenticated access to user resumes via directory listing and direct file access.

Description

A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file and directory information exposure. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Exploits (1)

nomisec WRITEUP
by Xmyronn · poc
https://github.com/Xmyronn/CVE-2026-7071-access-Control

Classification: Writeup 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: CodeAstro Online Job Portal Project in PHP MySQL 1.0
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Apr 28, 2026

References (5)

Core References
Vdb Entry: VDB-359646 | CodeAstro Online Job Portal user-cvs file information disclosure
https://vuldb.com/vuln/359646
Signature, Permissions Required: VDB-359646 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/359646/cti
Third Party Advisory: Submit #799236 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls
https://vuldb.com/submit/799236
Product: https://codeastro.com/

Scores

CVSS v3: 5.3
EPSS: 0.0038
EPSS Percentile: 29.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial

Details

CWE: CWE-200, CWE-538
Status: published
Products (1): CodeAstro/Online Job Portal 1.0
Published: Apr 27, 2026
Tracked Since: Apr 27, 2026