From 43cbd4f1e9d0176c03a47350ad30614f3adbe93c Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 17 May 2022 12:14:15 +0530
Subject: [PATCH] Update CVE-2021-24762.yaml

---
 cves/2021/CVE-2021-24762.yaml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/cves/2021/CVE-2021-24762.yaml b/cves/2021/CVE-2021-24762.yaml
index 7575822a24..a491bfbdae 100644
--- a/cves/2021/CVE-2021-24762.yaml
+++ b/cves/2021/CVE-2021-24762.yaml
@@ -4,7 +4,8 @@ info:
   name: WordPress Perfect Survey<1.5.2 - SQL Injection
   author: cckuailong
   severity: critical
-  description: Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
+  description: |
+    Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.
   reference:
     - https://www.exploit-db.com/exploits/50766
     - https://github.com/cckuailong/reapoc/tree/main/2021/CVE-2021-24762/vultarget
@@ -23,17 +24,16 @@ requests:
 
     matchers-condition: and
     matchers:
-      - type: status
-        status:
-          - 404
+      - type: dsl
+        dsl:
+          - 'duration>=4'
 
       - type: word
         part: header
         words:
           - "wp-ps-session"
 
-      - type: dsl
-        dsl:
-          - 'duration>=4'
-
+      - type: status
+        status:
+          - 404
 # Enhanced by mp on 2022/05/16