Vulnerability Description
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Presstigers | Simple Board Job | <= 2.9.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-R (Exploit, Third Party Advisory, VDB Entry)
- http://packetstormsecurity.com/files/165892/WordPress-Simple-Job-Board-2.9.3-Loc (Exploit, Third Party Advisory, VDB Entry)
- https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-35749?
CVE-2020-35749 is a vulnerability with a CVSS score of 7.7 (HIGH). Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files v...
How severe is CVE-2020-35749?
CVE-2020-35749 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-35749?
Check the references section above for vendor advisories and patch information. Affected products include: Presstigers Simple Board Job.