daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2024-6846.yaml

patch-11
Ritik Chaddha 2024-09-08 22:26:28 +04:00 committed by GitHub
parent 508c7deff8
commit 2579f153d4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
http/cves/2024/CVE-2024-6846.yaml
View File

@ -7,18 +7,21 @@ info:
description: |
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing for an unauthenticated user to purge error and chat logs.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-6846
- https://wpscan.com/vulnerability/d48fdab3-669c-4870-a2f9-6c39a7c25fd8/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6846
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2024-6846
metadata:
max-request: 1
verified: true
vendor: webdigit
product: smartsearchwp
framework: wordpress
publicwww-query: "/wp-content/plugins/smartsearchwp"
tags: wpscan,cve,cve2024,wp-plugin,smartsearchwp,chatgpt
fofa-query: body="/wp-content/plugins/smartsearchwp"
tags: wpscan,cve,cve2024,wp,wordpress,wp-plugin,smartsearchwp,chatgpt
http:
- raw:
@ -32,7 +35,7 @@ http:
matchers:
- type: dsl
dsl:
- 'contains_all(body,"success","true","1 months purged successfully")'
- 'contains_all(body,"success","true", "purged successfully")'
- 'contains(content_type,"application/json")'
- 'status_code == 200'
condition: and