Create CVE-2018-7662.yaml

2022-04-11 12:14:02 +05:30 · 2022-04-11 12:14:02 +05:30 · 3d173d5925
parent db3b151053
commit 3d173d5925
1 changed files with 29 additions and 0 deletions
--- a/cves/2018/CVE-2018-7662.yaml
+++ b/cves/2018/CVE-2018-7662.yaml
@ -0,0 +1,29 @@
+id: CVE-2018-7662
+
+info:
+  name: CouchCMS Full Path Disclosure
+  author: ritikchaddha
+  severity: medium
+  description: phpmailer.php and mysql2i.func.php disclosure the full path
+  reference: https://github.com/CouchCMS/CouchCMS/issues/46
+  tags: couchcms,fullpath,cve,cve2018
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/includes/mysql2i/mysql2i.func.php"
+      - "{{BaseURL}}/addons/phpmailer/phpmailer.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "mysql2i.func.php on line 10"
+          - "Fatal error: Cannot redeclare mysql_affected_rows() in"
+          - "phpmailer.php on line 10"
+          - "Fatal error: Call to a menber function add_event_listener() on a non-object in"
+        part: body
+
+      - type: status
+        status:
+          - 200