Security weaknesses in the Taleo application
Hi,
Need to address the following security weakness identified by our internal audit team for the Taleo application.
Upon applying to the specific job, it allows interested candidates to upload their resumes on the portal.
VULNERABILITY
Inappropriate Uploading Mechanism.
OBSERVATION
During the assessment it was identified that the attacker can attach and upload any type of file using the uploading mechanism. This vulnerability also allows an attacker to perform CSV injection and reflected file download vulnerabilities.
RISK
This vulnerability allows an attacker to upload malicious file contents such as .php, .xml and .exe, etc.
Furthermore, by uploading a malicious file an attacker could execute arbitrary commands on the victim machine.
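A server-side check of the kind that addresses the finding in the post above, as an added example that is not part of the original post and is not Taleo or Oracle code. The allowed resume types, the size limit and the helper names (`validate_upload`, `stored_name`, `csv_safe`) are assumptions made for illustration.

```python
import os
import secrets

# Assumed allowlist for resumes: extension -> required leading bytes.
ALLOWED = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),                       # ZIP container
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),  # OLE2 container
    ".rtf": (b"{\\rtf",),
}
MAX_BYTES = 5 * 1024 * 1024                          # assumed size limit
FORMULA_LEAD = ("=", "+", "-", "@", "\t", "\r")


def validate_upload(filename, data):
    """Return (ok, reason) for one uploaded resume (hypothetical helper)."""
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or "\x00" in name:
        return False, "path or NUL in filename"
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if len(data) > MAX_BYTES:
        return False, "too large"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


def stored_name(filename):
    """Server-chosen name, so the client's name never reaches the disk."""
    return secrets.token_hex(16) + os.path.splitext(filename)[1].lower()


def csv_safe(value):
    """Prefix a quote so a spreadsheet reads the cell as text, not a formula."""
    return "'" + value if value.startswith(FORMULA_LEAD) else value


if __name__ == "__main__":
    # Constructed samples: (client filename, first bytes of the body).
    samples = [("cv.pdf", b"%PDF-1.7\n"), ("tool.exe", b"MZ\x90\x00"),
               ("cv.pdf", b"MZ\x90\x00"), ("=SUM(A1).pdf", b"%PDF-1.4\n")]
    for fname, body in samples:
        print(csv_safe(fname), validate_upload(fname, body))
```

The `.php`, `.xml` and `.exe` types named in the finding fail the extension allowlist, and a renamed executable fails the leading-bytes check even when its extension is allowed.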