nuclei-templates/http/cves/2022/CVE-2022-2551.yaml

57 lines
2.2 KiB
YAML

id: CVE-2022-2551

info:
  name: WordPress Duplicator <1.4.7 - Authentication Bypass
  author: LRTK-CODER
  severity: high
  description: |
    WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information or unauthorized actions on the affected WordPress site.
  remediation: Fixed in version 1.4.7.1.
  reference:
    - https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
    - https://wordpress.org/plugins/duplicator/
    - https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2551
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2022-2551
    cwe-id: CWE-425
    epss-score: 0.66448
    epss-percentile: 0.97927
    cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: snapcreek
    product: duplicator
    framework: wordpress
    google-query: inurl:/backups-dup-lite/dup-installer/
  tags: cve2022,cve,wordpress,wp,wp-plugin,duplicator,wpscan,snapcreek

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1"
      - "{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<a href='../installer.php'>restart this install process</a>"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a0046304402206b88fc37bec53086c40a2dab39585c96a5b146c52946e88686cea2be9f6ddf6002206caa29030300ee31f345d6a9a8dff7b389b4fec4576d174a277b621633d1839b:922c64590222798bb761d5b6d8e72950
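
Added example, not part of the nuclei-templates repository: a defender-side check that scans a web server access log for clients that received a 200 from either installer path in the template with `is_daws=1`, and lists what the same client then fetched from the backup directory. It assumes Combined Log Format; the function name, the sample log lines and the archive file name are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Installer endpoints requested by the template above.
INSTALLER_PATHS = (
    "/wp-content/backups-dup-lite/dup-installer/main.installer.php",
    "/wp-content/dup-installer/main.installer.php",
)
BACKUP_DIR = "/wp-content/backups-dup-lite/"  # directory named in the first path

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IPs, placeholder archive name).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Sep/2022:10:00:00 +0000] "GET /wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1 HTTP/1.1" 200 5120 "-" "curl/7.81.0"
192.0.2.10 - - [01/Sep/2022:10:00:05 +0000] "GET /wp-content/backups-dup-lite/placeholder_archive.zip HTTP/1.1" 200 7340032 "-" "curl/7.81.0"
198.51.100.7 - - [01/Sep/2022:10:01:00 +0000] "GET /wp-content/dup-installer/main.installer.php?is_daws=1 HTTP/1.1" 404 162 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Sep/2022:10:02:00 +0000] "GET /wp-content/backups-dup-lite/placeholder_archive.zip HTTP/1.1" 200 7340032 "-" "Mozilla/5.0"
""".splitlines()


def find_installer_exposure(lines):
    """Map client IP -> installer path that answered 200 with is_daws=1,
    plus later 200 responses the same client got from the backup directory."""
    findings = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        ip, method, target, status = m.groups()
        if method != "GET" or status != "200":
            continue
        raw_path, _, query = target.partition("?")
        path = re.sub(r"/{2,}", "/", unquote(raw_path))  # collapse //, decode %xx
        if path in INSTALLER_PATHS and parse_qs(query).get("is_daws") == ["1"]:
            findings.setdefault(ip, {"probe": path, "followups": []})
        elif ip in findings and path.startswith(BACKUP_DIR):
            # Only fetches that follow a successful probe are attributed here.
            findings[ip]["followups"].append(path)
    return findings


if __name__ == "__main__":
    for ip, hit in find_installer_exposure(SAMPLE_LOG).items():
        print(ip, hit["probe"], hit["followups"])
```

Any finding means the installer directory is still reachable on the site; removing the leftover installer files and updating the plugin to the fixed version given in the template closes the exposure.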