Severity
5.3 MEDIUM
EPSS
0.3%
top 43.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 4
Latest update: Apr 5

Description

The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen.
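The two vendor-side measures named in the description (a default PHP file and an .htaccess file) can be checked for and put in place with a short script. This is an added example, not code from the JobMonster theme or its vendor; the function names and the UPLOADS_DIR variable are hypothetical, and the .htaccess part assumes Apache.

```shell
#!/bin/sh
# Added example (not vendor code): audit and guard an uploads tree such as
# wp-content/uploads/jobmonster/ against web-server directory listing.

# Print every directory under $1 that contains no index file, i.e. one the
# server would auto-index if listing is enabled.
find_listable_dirs() {
    find "$1" -type d | while IFS= read -r dir; do
        if [ ! -e "$dir/index.php" ] && [ ! -e "$dir/index.html" ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Write a placeholder index.php into each unguarded directory and, if the
# root has no .htaccess yet, one that turns auto-indexing off.
harden_uploads() {
    root=$1
    find_listable_dirs "$root" | while IFS= read -r dir; do
        printf '<?php\n// Silence is golden.\n' > "$dir/index.php"
    done
    if [ ! -e "$root/.htaccess" ]; then
        # Apache only; honoured when AllowOverride permits Options.
        printf 'Options -Indexes\n' > "$root/.htaccess"
    fi
}

# UPLOADS_DIR is a hypothetical variable for stand-alone use:
# report the unguarded directories first, then guard them.
if [ -n "${UPLOADS_DIR:-}" ]; then
    find_listable_dirs "$UPLOADS_DIR"
    harden_uploads "$UPLOADS_DIR"
fi
```

Both measures only stop the server from enumerating the folder; a file whose URL is already known is still served, so uploaded resumes need access control of their own.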

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages
2 packages

NVD: nootheme/jobmonster < 4.6.6.1
CVEListV5: unknown/noo_jobmonster 4.5.2.9 4.5.2.9

Vulnerability Details

2
GHSA
GHSA-952h-ff56-x6g3: The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or
2022-04-05
CVEList
JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
2022-04-04
CVE-2022-1166 (MEDIUM CVSS 5.3) | The JobMonster Theme was vulnerable | cvebase.io