← back
CVE-2020-35749

CVE-2020-35749

EPSS 30.5%
Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.
Affected products
n/a · n/a
public PoCs found5
githubgithub.com/M4xSec/Wordpress-CVE-2020-357496cve_referencepacketstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.htmlunverifiedcve_referencepacketstormsecurity.com/files/165892/WordPress-Simple-Job-Board-2.9.3-Local-File-Inclusion.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49450unverifiedexploitdbwww.exploit-db.com/exploits/50721unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.htmlhttp://packetstormsecurity.com/files/165892/WordPress-Simple-Job-Board-2.9.3-Local-File-Inclusion.htmlhttps://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing