Create CVE-2018–9845.yaml

2021-09-23 23:18:41 -03:00 · 2021-09-23 23:18:41 -03:00 · 1f679d8b4e
parent 2c07be1945
commit 1f679d8b4e
1 changed files with 31 additions and 0 deletions
--- a/cves/2018/CVE-2018–9845.yaml
+++ b/cves/2018/CVE-2018–9845.yaml
@ -0,0 +1,31 @@
+id: CVE-2018–9845
+
+info:
+  name: Etherpad Lite before 1.6.4 is exploitable for admin access.
+  author: philippedelteil
+  severity: critical
+  reference:
+    - https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4
+    - https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2018-9845
+
+  tags:cve,cve2018,etherpad
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Admin"
+    redirects: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "Etherpad version"
+          - "Plugin manager"
+      - type: status
+        status:
+          - 200