CVE-2020-35749 Scanner
Detects the 'Directory Traversal' vulnerability in the Simple Board Job plugin for WordPress, which affects version 2.9.3 and earlier.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4
Toolbox: -
The Simple Board Job plugin for WordPress is a popular plugin that enables website owners to easily manage job postings, applications, and resumes on their website. With its user-friendly interface and robust features, the plugin has become a go-to solution for many. It allows job seekers to easily submit their resumes, which are then stored in a secure database, ready for review by employers. The plugin is easy to install and set up, making it an ideal choice for businesses of all sizes looking to streamline their hiring process.
However, despite its many benefits, the Simple Board Job plugin has recently been found to have a security vulnerability. CVE-2020-35749 is a directory traversal vulnerability found in class-simple_job_board_resume_download_handler.php in version 2.9.3 and earlier. Essentially, this vulnerability allows a remote attacker to read arbitrary files by manipulating the sjb_file parameter in wp-admin/post.php.
This vulnerability is particularly problematic as it can be exploited by attackers to gain unauthorized access to sensitive information. For example, an attacker could use this vulnerability to obtain access to confidential data stored on a web server, such as user credentials, financial information, or other sensitive data. In some cases, this vulnerability could lead to the complete compromise of a website, with attackers gaining full control over the server and all data stored on it.
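As an added example (not part of the original page or of the plugin's code), the following Python code flags access-log entries in which the sjb_file parameter of wp-admin/post.php contains directory-climbing segments, including percent-encoded and double-encoded ones. It assumes combined-format logs with the parameter visible in the query string; the log lines, addresses and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %252e) so encoded dots become visible."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if any path segment is '..' after decoding and slash normalisation."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")

def suspicious_sjb_requests(log_lines):
    """Return (client_ip, decoded_value) for each sjb_file value that climbs directories."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/wp-admin/post.php"):
            continue
        # parse_qs decodes one layer; fully_decode handles any further layers.
        for value in parse_qs(url.query, keep_blank_values=True).get("sjb_file", []):
            if is_traversal(value):
                hits.append((line.split()[0], fully_decode(value)))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2021:10:00:01 +0000] "GET /wp-admin/post.php?sjb_file=resume-42.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Jan/2021:10:00:05 +0000] "GET /wp-admin/post.php?sjb_file=../../private/notes.txt HTTP/1.1" 200 310',
    '198.51.100.4 - - [10/Jan/2021:10:00:09 +0000] "GET /wp-admin/post.php?sjb_file=%252e%252e%252f%252e%252e%252fprivate%252fnotes.txt HTTP/1.1" 200 310',
    '198.51.100.5 - - [10/Jan/2021:10:00:12 +0000] "GET /index.php?sjb_file=../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, value in suspicious_sjb_requests(SAMPLE_LOG):
        print(f"{ip} requested sjb_file={value}")
```

Requests that carry the parameter in a POST body do not appear in standard access logs, so the same check would have to run where the request body is available, such as a WAF or application-level logging.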
In conclusion, it is crucial for website owners to take this vulnerability seriously and take steps to protect their websites. By following the above precautions, businesses can minimize the risk of a security breach. Additionally, s4e.io provides a range of pro features that enable users to easily and quickly learn about vulnerabilities in their digital assets, allowing them to stay ahead of potential threats.