S4E

CVE-2020-35749 Scanner

Detects the 'Directory Traversal' vulnerability in the Simple Board Job plugin for WordPress, which affects versions 2.9.3 and earlier.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 3 days
Scan only one: Domain, IPv4
Toolbox: -

The Simple Board Job plugin for WordPress is a popular plugin that enables website owners to easily manage job postings, applications, and resumes on their website. With its user-friendly interface and robust features, the plugin has become a go-to solution for many. It allows job seekers to easily submit their resumes, which are then stored in a secure database, ready for review by employers. The plugin is easy to install and set up, making it an ideal choice for businesses of all sizes looking to streamline their hiring process.

However, despite its many benefits, the Simple Board Job plugin has recently been found to have a security vulnerability. CVE-2020-35749 is a directory traversal vulnerability found in class-simple_job_board_resume_download_handler.php in version 2.9.3 and earlier. Essentially, this vulnerability allows a remote attacker to read arbitrary files by manipulating the sjb_file parameter in wp-admin/post.php.

This vulnerability is particularly problematic as it can be exploited by attackers to gain unauthorized access to sensitive information. For example, an attacker could use this vulnerability to obtain access to confidential data stored on a web server, such as user credentials, financial information, or other sensitive data. In some cases, this vulnerability could lead to the complete compromise of a website, with attackers gaining full control over the server and all data stored on it.
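For defenders reviewing their own logs, the following added example (not S4E's scanner and not code from the plugin) flags access-log entries in which the sjb_file parameter of wp-admin/post.php carries a traversal-style value. It assumes combined-format access logs and that legitimate sjb_file values are bare file names; the sample log lines and file names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Matches the request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TARGET_PATH = "/wp-admin/post.php"
PARAM = "sjb_file"

def is_traversal(value):
    """True if value, after undoing nested percent-encoding, contains a
    parent-directory segment or is an absolute path (assumed never legitimate)."""
    for _ in range(3):  # undo up to three extra layers of percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    normalized = value.replace("\\", "/")
    return normalized.startswith("/") or ".." in normalized.split("/")

def suspicious_requests(lines):
    """Return (client_ip, sjb_file value) for each log line that passes a
    traversal-style sjb_file to wp-admin/post.php in the query string."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith(TARGET_PATH):
            continue
        for key, val in parse_qsl(url.query, keep_blank_values=True):
            if key == PARAM and is_traversal(val):
                hits.append((line.split(" ", 1)[0], val))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2021:10:00:00 +0000] "GET /wp-admin/post.php?sjb_file=../../../constructed/secret.txt HTTP/1.1" 200 1532',
    '203.0.113.7 - - [01/Jan/2021:10:00:05 +0000] "GET /wp-admin/post.php?sjb_file=%252e%252e%252fsecret.txt HTTP/1.1" 200 3120',
    '198.51.100.4 - - [01/Jan/2021:10:01:00 +0000] "GET /wp-admin/post.php?sjb_file=resume-42.pdf HTTP/1.1" 200 88211',
    '198.51.100.9 - - [01/Jan/2021:10:02:00 +0000] "GET /wp-admin/post.php?post=12&action=edit HTTP/1.1" 200 40122',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, value)
```

Only query-string parameters appear in standard access logs, so a request that carries sjb_file in a POST body would need request-body logging or a WAF rule to be seen.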

In conclusion, it is crucial for website owners to take this vulnerability seriously and take steps to protect their websites. By following the above precautions, businesses can minimize the risk of a security breach. Additionally, s4e.io provides a range of pro features that enable users to easily and quickly learn about vulnerabilities in their digital assets, allowing them to stay ahead of potential threats.
