{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6201", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-13T08:50:36.262Z", "datePublished": "2026-04-13T19:00:18.544Z", "dateUpdated": "2026-04-13T19:00:18.544Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T19:00:18.544Z"}, "title": "CodeAstro Online Job Portal Delete Job Posting job-delete.php access control", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "Improper Access Controls"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-266", "lang": "en", "description": "Incorrect Privilege Assignment"}]}], "affected": [{"vendor": "CodeAstro", "product": "Online Job Portal", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Delete Job Posting Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit is publicly available and might be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.4, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-13T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-13T10:55:41.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "imad alvi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/357123", "name": "VDB-357123 | CodeAstro Online Job Portal Delete Job Posting job-delete.php access control", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/357123/cti", "name": "VDB-357123 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797515", "name": "Submit #797515 | CodeAstro Online Job Portal Project in PHP MySQL 1.0 Improper Access Controls", "tags": ["third-party-advisory"]}, {"url": "https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-IDOR.git", "tags": ["exploit"]}, {"url": "https://codeastro.com/", "tags": ["product"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit is publicly available and might be used."}], "id": "CVE-2026-6201", "lastModified": "2026-04-13T20:16:47.287", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-13T20:16:47.287", "references": [{"source": "cna@vuldb.com", "url": "https://codeastro.com/"}, {"source": "cna@vuldb.com", "url": "https://github.com/Xmyronn/CodeAstro-Online-Job-Portal-IDOR.git"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/797515"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357123"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357123/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}, {"lang": "en", "value": "CWE-284"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "online_job_portal", "vendor": "codeastro"}], "analysis": {"en": {"generated_at": "2026-04-13T20:52:07.209952+00:00", "value": {"mitigation_remediation": ["Check with CodeAstro for an official patch that addresses the access control issue on job-delete.php.", "If an official patch is not available, modify the job deletion logic to verify that the requesting user owns the job posting before allowing deletion.", "Implement logging and monitoring for unauthorized delete attempts and restrict deletion actions to authenticated, authorized users only."], "summary": {"action": "Patch Now", "impact": "Data Loss"}, "threat_synthesis": {"affected_systems": "Affected systems include CodeAstro Online Job Portal version 1.0. The flaw resides in the file /jobs/job-delete.php and impacts any installation of this version that has the endpoint publicly accessible. No other product versions are listed in the CVE.", "description_and_impact": "A flaw in the job deletion handler of CodeAstro Online Job Portal allows attackers to manipulate the job ID parameter and delete postings without proper authorization. This improper access control can lead to unauthorized removal of job listings, resulting in data loss, loss of business credibility, and potential service disruption. The vulnerability is classified under Permissions, Privileges, and Access Controls and Improper Access Control weaknesses.", "risk_and_exploitability": "The CVSS base score of 5.3 indicates a moderate severity, and the lack of an EPSS score leaves its exploitation probability uncertain. Since the vulnerability can be triggered remotely via crafted HTTP requests, it is likely that an attacker only needs to know a valid job ID. The vulnerability is not listed in the KEV catalog, so no known exploits are reported, but the presence of a public exploit code raises concern. Timely remediation is advised."}}}}, "created": "2026-04-14T16:18:23.708395+00:00", "updated": "2026-04-14T16:33:30.972103+00:00", "vendors": ["codeastro", "codeastro$PRODUCT$online_job_portal"]}