This Metasploit module exploits an authenticated directory traversal vulnerability in WordPress plugin Simple JobBoard versions prior to 2.9.3 to perform an arbitrary file read with the web server privileges.
>> ARCHIVE: 2021-01
ERPNext 12.14.0 – SQL Injection (Authenticated)
CASAP Automated Enrollment System 1.0 – Authentication Bypass
Selea CarPlateServer (CPS) 4.0.1.6 – Remote Program Execution
Library System 1.0 – Authentication Bypass Via SQL Injection
Oracle WebLogic Server 14.1.1.0 – RCE (Authenticated)
Selea Targa IP OCR-ANPR Camera – ‘addr’ Remote Code Execution (Unauthenticated)
Selea Targa IP OCR-ANPR Camera – CSRF Add Admin
Selea Targa IP OCR-ANPR Camera – RTP/RTSP/M-JPEG Stream Disclosure (Unauthenticated)
Selea Targa IP OCR-ANPR Camera – Directory Traversal File Disclosure (Unauthenticated)