Description
A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit is publicly available and might be used.
Published: 2026-04-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Data Loss
Action: Patch Now
AI Analysis

Impact

A flaw in the job deletion handler of CodeAstro Online Job Portal allows attackers to manipulate the job ID parameter and delete postings without proper authorization. This improper access control can lead to unauthorized removal of job listings, resulting in data loss, loss of business credibility, and potential service disruption. The vulnerability is classified under CWE-266 (Incorrect Privilege Assignment) and CWE-284 (Improper Access Control).

Affected Systems

Affected systems include CodeAstro Online Job Portal version 1.0. The flaw resides in the file /jobs/job-delete.php and impacts any installation of this version that has the endpoint publicly accessible. No other product versions are listed in the CVE.

Risk and Exploitability

The CVSS base score of 5.3 indicates moderate severity, and the EPSS score of under 1% indicates a very low estimated probability of exploitation. Since the vulnerability can be triggered remotely via crafted HTTP requests, it is likely that an attacker only needs to know a valid job ID. The vulnerability is not listed in the KEV catalog, so no exploitation in the wild is recorded there, but the availability of public exploit code raises concern. Timely remediation is advised.

Generated by OpenCVE AI on April 13, 2026 at 20:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check with CodeAstro for an official patch that addresses the access control issue on job-delete.php.
  • If an official patch is not available, modify the job deletion logic to verify that the requesting user owns the job posting before allowing deletion.
  • Implement logging and monitoring for unauthorized delete attempts and restrict deletion actions to authenticated, authorized users only.
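The ownership check and logging recommended above, sketched as an added example (this is not CodeAstro's code). The jobs(id, owner_id, title) table, the function name deleteJobIfOwner and the way the user ID is obtained are assumptions; in a real handler the user ID would come from the authenticated session.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: jobs(id, owner_id, title). Not the portal's actual tables.
function deleteJobIfOwner(PDO $db, ?int $userId, mixed $rawId): bool
{
    // Reject unauthenticated callers before touching the database.
    if ($userId === null) {
        error_log('job-delete denied: no authenticated session');
        return false;
    }
    // Accept only a positive integer ID; anything else is refused and logged.
    $jobId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($jobId === false) {
        error_log("job-delete denied: invalid id from user $userId");
        return false;
    }
    // Ownership is part of the WHERE clause, so the authorization check
    // and the delete happen in a single statement.
    $stmt = $db->prepare('DELETE FROM jobs WHERE id = :id AND owner_id = :owner');
    $stmt->execute([':id' => $jobId, ':owner' => $userId]);
    if ($stmt->rowCount() === 0) {
        // No row matched: the job is missing or belongs to another user.
        error_log("job-delete denied: user $userId attempted job $jobId");
        return false;
    }
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, title TEXT)');
$db->exec("INSERT INTO jobs VALUES (1, 10, 'Backend developer'), (2, 20, 'QA engineer')");

var_dump(deleteJobIfOwner($db, 20, '1'));    // user 20 requests job 1, owned by user 10
var_dump(deleteJobIfOwner($db, null, '1'));  // caller without a session
var_dump(deleteJobIfOwner($db, 10, '1abc')); // malformed ID
var_dump(deleteJobIfOwner($db, 10, '1'));    // owner deletes their own posting
```

The error_log lines give monitoring a single string to alert on; repeated denials from one account against many job IDs are the pattern worth watching.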



Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Codeastro; Codeastro online Job Portal
Vendors & Products | | Codeastro; Codeastro online Job Portal

Mon, 13 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
Description | | A vulnerability was identified in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /jobs/job-delete.php of the component Delete Job Posting Handler. Such manipulation of the argument ID leads to improper access controls. The attack can be launched remotely. The exploit is publicly available and might be used.
Title | | CodeAstro Online Job Portal Delete Job Posting job-delete.php access control
Weaknesses | | CWE-266; CWE-284
References | |
Metrics | | cvssV2_0 {'score': 5.5, 'vector': 'AV:N/AC:L/Au:S/C:N/I:P/A:P/E:POC/RL:ND/RC:UR'}
 | | cvssV3_0 {'score': 5.4, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV3_1 {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R'}
 | | cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-16T13:26:40.778Z

Reserved: 2026-04-13T08:50:36.262Z

Link: CVE-2026-6201

Vulnrichment

Updated: 2026-04-16T13:26:23.638Z

NVD

Status: Deferred

Published: 2026-04-13T20:16:47.287

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6201

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:33:30Z
