PT-2023-25110 · Smartweb Infotech · Smartweb Infotech Job Board

Skalvin · Published 2023-07-04 · Updated 2024-05-17 · CVE-2023-3504

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SmartWeb Infotech Job Board version 1.0
Description: A critical issue affects unspecified functionality of the file /settings/account in the My Profile Page component. Manipulation of the filename argument leads to unrestricted file upload. The attack can be launched remotely. The vendor was contacted about this disclosure but did not respond.
Recommendations: For SmartWeb Infotech Job Board version 1.0, consider restricting access to the /settings/account file of the My Profile Page component to minimize the risk of exploitation. As a temporary workaround, avoid using the filename argument in the affected component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2023-3504

Affected Products: Smartweb Infotech Job Board