CVE-2018-20519

Name of the Vulnerable Software and Affected Versions 74cms version 4.2.111

Description An issue in 74cms allows remote authenticated users to read or modify arbitrary resumes. This is achieved by changing a job-search intention, specifically through the "index.php?c=Personal&a=ajax save basic" endpoint, by manipulating the pid parameter.

Recommendations For version 4.2.111, consider restricting access to the "ajax save basic" function in the "Personal" controller to prevent unauthorized modification of resumes. As a temporary workaround, avoid using the pid parameter in the affected endpoint until a patch is available.