Vulnerabilities > Humanica > Humatrix 7 > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-18 CVE-2019-15130 Use of Insufficiently Random Values vulnerability in Humanica Humatrix 7 1.0.0.203/1.0.0.681
The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitment_online/personalData/act_personaltab.cfm multiple-part POST request with a predictable WRC01_USERID parameter.
network
low complexity
humanica CWE-330
critical
 9.8
9.8