Enhancement: cves/2020/CVE-2020-35749.yaml by mp

patch-1
MostInterestingBotInTheWorld 2022-06-28 15:06:43 -04:00
parent 965439f661
commit f7100f389b
1 changed files with 4 additions and 2 deletions

@ -1,10 +1,10 @@
id: CVE-2020-35749
info:
name: Simple Job Board < 2.9.4 -Arbitrary File Retrieval (Authenticated)
name: WordPress Simple Job Board <2.9.4 - Local File Inclusion
author: cckuailong
severity: high
description: The plugin does not validate the sjb_file parameter when viewing a resume, allowing authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via a path traversal attack.
description: WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion.
reference:
- https://wpscan.com/vulnerability/eed3bd69-2faf-4bc9-915c-c36211ef9e2d
- https://nvd.nist.gov/vuln/detail/CVE-2020-35749
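
Review bot: the replacement name and description lines relabel the issue as "Local File Inclusion", but what both description lines describe is an authenticated user downloading arbitrary files through the unvalidated sjb_file parameter, which the removed description called a path traversal attack. Nothing in the text says the file is included or executed, so I would keep "path traversal" (or "arbitrary file retrieval") in both fields. The new name also drops the "(Authenticated)" qualifier, which matters for triage because exploitation requires the download_resume capability; suggest keeping it. Minor: "is vulnerable to arbitrary file retrieval vulnerabilities" is redundant and could read "is vulnerable to arbitrary file retrieval".
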
@ -40,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/28
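
Review bot: the trailing "# Enhanced by mp on 2022/06/28" comment at the end of the file repeats authorship and date that the commit metadata already records, and it will be stale after the next edit to this template. Suggest dropping it and relying on the commit history for provenance.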