CVE-2022-4061

HIGH

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4061. PoCs published by im-hanzou.

AI-analyzed exploit summary This repository contains a bash script that automates the exploitation of CVE-2022-4061, an unauthenticated arbitrary file upload vulnerability in JobBoardWP versions prior to 1.2.2. The script checks for vulnerable versions and attempts to upload a file named 'tifa.php' to the target system.

Description

The JobBoardWP WordPress plugin before 1.2.2 does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP.

Exploits (1)

nomisec WORKING POC 6 stars

by im-hanzou · poc

https://github.com/im-hanzou/JBWPer

View Code ZIP pw:eip

This repository contains a bash script that automates the exploitation of CVE-2022-4061, an unauthenticated arbitrary file upload vulnerability in JobBoardWP versions prior to 1.2.2. The script checks for vulnerable versions and attempts to upload a file named 'tifa.php' to the target system.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: JobBoardWP < 1.2.2

No auth needed

Prerequisites: GNU Parallel installed · List of target URLs · Network access to targets

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/fec68e6e-f612-43c8-8301-80f7ae3be665

Scores

CVSS v3 7.5

EPSS 0.0135

EPSS Percentile 68.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

Status published

Products (1)

ultimatemember/jobboardwp < 1.2.2

Published Dec 19, 2022

Tracked Since Feb 18, 2026