daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update advanced-access-manager-lfi.yaml

patch-1
Ritik Chaddha 2022-08-10 14:19:57 +05:30 committed by GitHub
parent 4c9182c73e
commit 33d108ee76
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
vulnerabilities/wordpress/advanced-access-manager-lfi.yaml
View File

@ -4,7 +4,8 @@ info:
name: WordPress Advanced Access Manager < 5.9.9 - Local File Inclusion
author: 0x_Akoko
severity: high
description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
description: |
WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
reference:
- https://wpscan.com/vulnerability/9873
- https://id.wordpress.org/plugins/advanced-access-manager/
@ -13,7 +14,7 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi
tags: wordpress,wp-plugin,lfi,wp,accessmanager
requests:
- method: GET
@ -23,10 +24,10 @@ requests:
matchers-condition: and
matchers:
- type: word
part: body
words:
- "DB_NAME"
- "DB_PASSWORD"
part: body
condition: and
- type: status