Update CVE-2022-2544.yaml

patch-1
Prince Chaddha 2022-09-21 00:15:07 +05:30 committed by GitHub
parent eaa519de38
commit d3ecdbc6d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -2,7 +2,7 @@ id: CVE-2022-2544
info:
name: Ninja Job Board < 1.3.3 - Resume Disclosure via Directory Listing
author: tess
severity: medium
severity: high
description: The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
reference:
- https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php