daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-2544.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-02-03 11:12:10 -05:00
parent 65a39398c3
commit 11f60853f1
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2022/CVE-2022-2544.yaml
View File

@ -1,9 +1,9 @@
id: CVE-2022-2544
info:
name: Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
name: WordPress Ninja Job Board < 1.3.3 - Direct Request
author: tess
severity: high
description: The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
description: WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.
reference:
- https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php
- https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2023/02/03