Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-35749 PoC — Wordpress Simple Board Job Plugin 路径遍历漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-35749.yaml
Associated Vulnerability
Title:Wordpress Simple Board Job Plugin 路径遍历漏洞 (CVE-2020-35749)
Description:Wordpress Simple Board Job Plugin是WordPress(Wordpress)基金会的一个可为Wordpress提供招聘功能(工作板)的插件。 WordPress Simple Board Job plugin 2.9.3 and earlier 存在路径遍历漏洞,该漏洞允许远程攻击者通过sjb_file参数读取wp-admin post.php中的任意文件。
Description
WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion.
File Snapshot

 id: CVE-2020-35749

info:
  name: WordPress Simple Job Board <2.9.4 - Local File Inclusion
  author:

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.