Fengbenjianmo

**Name of the Vulnerable Software and Affected Versions** itsourcecode Open Source Job Portal version 1.0 **Description** A flaw exists in itsourcecode Open Source Job Portal 1.0 that allows for unrestricted file uploads. This is due to the manipulation of the `photo` argument within the file '/admin/user/controller.php?action=photos'. The issue is remotely exploitable and an exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** itsourcecode Open Source Job Portal version 1.0 **Description** A flaw exists in itsourcecode Open Source Job Portal that allows for SQL injection. The issue is located in the file `/admin/vacancy/index.php?view=edit`, specifically through manipulation of the `ID` argument. Remote exploitation is possible, and details about the exploit are publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.