CVSS: 7.7EPSS: 12%CPEs: 1EXPL: 6CVE-2020-35749 – Simple Job Board <= 2.9.3 - Local File Inclusion
https://notcve.org/view.php?id=CVE-2020-35749
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. Una vulnerabilidad de salto de directorio en el archivo class-simple_job_board_resume_download_handler.php en el plugin Simple Board Job versiones 2.9.3 y anteriores para WordPress, permite a atacantes remotos leer archivos arbitrarios por medio del parámetro sjb_file en el archivo wp-admin/post.php WordPress Simple Job Board plugin version 2.9.3 suffers from a local file inclusion vulnerability. • https://www.exploit-db.com/exploits/49450 https://www.exploit-db.com/exploits/50721 https://github.com/M4xSec/Wordpress-CVE-2020-35749 http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.html http://packetstormsecurity.com/files/165892/WordPress-Simple-Job-Board-2.9.3-Local-File-Inclusion.html https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18498 – Simple Job Board <= 2.4.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18498
The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. El complemento the simple-job-board anterior de 2.4.4 para WordPress ha reflejado XSS a través de la búsqueda de palabras clave. • https://wordpress.org/plugins/simple-job-board/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •