PT-2022-13683 · WordPress · Jobmonster Theme
Daniel Ruf · Published 2022-04-04 · Updated 2022-05-10 · CVE-2022-1166
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JobMonster Theme (affected versions not specified)
Description
The /wp-content/uploads/jobmonster/ folder contains no default PHP file or .htaccess file, so a web server that permits directory listing will list the folder's contents. This could expose sensitive personal data, such as resumes. While secure web server configuration can prevent directory listing, vendors can also implement measures to reduce its likelihood.
Recommendations
For the JobMonster Theme, consider adding a default PHP file or configuring an .htaccess file to prevent Directory Listing in the /wp-content/uploads/jobmonster/ folder. As a temporary workaround, restrict access to the /wp-content/uploads/jobmonster/ folder to minimize the risk of sensitive data exposure.
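A site-side way to apply this recommendation, as an added example (not code from the theme or the advisory). The function names are hypothetical, the `index.php` placeholder follows the convention WordPress core uses in its own content folders, and `Options -Indexes` takes effect only on Apache where `AllowOverride` permits `Options`.

```shell
#!/bin/sh
# Added example: suppress directory listing under an uploads folder.
# Usage: sh harden.sh /var/www/site/wp-content/uploads/jobmonster

# harden_upload_dir DIR
#   Writes DIR/.htaccess with "Options -Indexes" and a placeholder index.php
#   into DIR and every subdirectory that has no index file. Listing is decided
#   per directory, so subfolders need their own index file.
#   Existing files are never overwritten. Prints the number of files created.
harden_upload_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    created=0

    # Apache only. If AllowOverride does not permit Options, Apache answers
    # 500 for this folder, so request a file from it after running this.
    if [ ! -e "$dir/.htaccess" ]; then
        printf 'Options -Indexes\n' > "$dir/.htaccess"
        created=$((created + 1))
    fi

    # Read the directory list from a temp file so the counter is not lost
    # in a pipeline subshell.
    list=$(mktemp) || return 1
    find "$dir" -type d > "$list"
    while IFS= read -r d; do
        if [ ! -e "$d/index.php" ] && [ ! -e "$d/index.html" ]; then
            printf '<?php\n// Silence is golden.\n' > "$d/index.php"
            created=$((created + 1))
        fi
    done < "$list"
    rm -f "$list"
    echo "$created"
}

# unlisted_dirs DIR
#   Audit helper: prints every directory under DIR that still has no index file.
unlisted_dirs() {
    find "$1" -type d \
        -exec sh -c '[ ! -e "$1/index.php" ] && [ ! -e "$1/index.html" ]' sh {} \; \
        -print
}

# Run only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then harden_upload_dir "$1"; fi
```

On nginx, directory listing is controlled by `autoindex`, which is off unless the server configuration enables it, so the `.htaccess` file has no effect there and only the index files matter.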
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Jobmonster Theme