Critical severity9.8NVD Advisory· Published Aug 18, 2019· Updated Jun 17, 2026
CVE-2019-15130
CVE-2019-15130
Description
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter. Moreover, the attacker can upload executable content (e.g., asp or aspx) for executing OS commands on the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Humanica/Humatrixdescription
- Range: 1.0.0.203, 1.0.0.681
- Range: 1.0.0.203, 1.0.0.681
Patches
Vulnerability mechanics
References
1- gist.github.com/izadgot/38a7dd553f8024ed3154134dae0414fdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.