controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.
- mitre: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8440
- public announcement: https://github.com/niteosoft/simplejobscript/issues/10
Steps to Reproduce:
1/ Apply for a job and attach a PHP file as your resume
2/ Browse the upload directory
3/ Run the PHP file
If you can’t see the content of the upload directory (directory indexing is off), it can be hard to guess the final filename of your malicious resume because of the
However, you can use one of the multiple SQL injections (CVE-2020-7229) and then read the content of the table applicant, or use one of the multiple IDORs available to access all applications of all companies.
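
Mitigation sketch for the upload flaw described above. This is an added example, not code from SJS or from the advisory. It assumes a form field named "resume", a storage directory outside the web root (the path is a placeholder), and a policy that accepts only PDF resumes; the function name is hypothetical.

```php
<?php
// Added example: hypothetical hardened resume-upload handler (not SJS code).

const RESUME_DIR = '/var/sjs-data/resumes';  // assumed path, NOT served by the web server
const MAX_BYTES  = 2 * 1024 * 1024;          // assumed 2 MiB size limit
// Allowlist: extension => MIME type that content sniffing must report.
const ALLOWED = ['pdf' => 'application/pdf'];

function store_resume(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid upload');
    }

    // The client-supplied name is used only to look up the extension in the
    // allowlist; it never becomes part of the stored path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException('file type not allowed');
    }

    // Inspect the file content; the Content-Type sent by the client is
    // attacker-controlled and is ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }

    // Server-generated name with a fixed, allowlisted extension, so a
    // ".php" suffix can never reach the disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], RESUME_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name; // persist with the application record; serve via an authorised download controller
}

// Usage inside the (hypothetical) apply controller:
// $stored = store_resume($_FILES['resume']);
```

Keeping resumes outside the web root means an uploaded file is never reachable by URL, so it cannot be executed even if a check is bypassed. If uploads must stay under the web root, configure the web server not to execute scripts in that directory.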