CVE-2020-35749

HIGH NUCLEI

Presstigers Simple Board Job < 2.9.3 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by SunCSR Team · rubywebappsphp

https://www.exploit-db.com/exploits/49450

View Code ZIP pw:eip

exploitdb WORKING POC

by Ven3xy · pythonwebappsphp

https://www.exploit-db.com/exploits/50721

View Code ZIP pw:eip

nomisec WORKING POC 5 stars

by M4xSec · poc

https://github.com/M4xSec/Wordpress-CVE-2020-35749

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress Simple Job Board <2.9.4 - Local File Inclusion

HIGHby cckuailong

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/161050/Simple-JobBoard-Authenticated-File-Read.html

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/165892/WordPress-Simple-Job-Board-2.9.3-Local-File-Inclusion.html

[Exploit, Third Party Advisory] https://docs.google.com/document/d/1TbePkrRGsczepBaJptIdVRvfRrjiC5hjGg_Vxdesw6E/edit?usp=sharing

Scores

CVSS v3 7.7

EPSS 0.7679

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (1)

presstigers/simple_board_job < 2.9.3

Published Jan 15, 2021

Tracked Since Feb 18, 2026