CVE-2022-2544

Published: Aug 22, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.

Affected (1)

Products: Wpmanageninja: Ninja Job Board

Wpmanageninja

1 product

Ninja Job Board

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Wpmanageninja Ninja Job Board	Before 1.3.3

Related CWEs

CWE-425

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References (4)

https://plugins.trac.wordpress.org/changeset/2758420/ninja-job-board/trunk/includes/Classes/File/FileHandler.php?old=2126467&old_path=ninja-job-board%2Ftrunk%2Fincludes%2FClasses%2FFile%2FFileHandler.php

Source: contact@wpscan.com

PatchThird Party Advisory

https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053

Source: contact@wpscan.com

ExploitThird Party Advisory

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://wpscan.com/vulnerability/a9bcc68c-eeda-4647-8463-e7e136733053

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.