Update and rename wp-church-admin-lfi.yaml to vulnerabilities/wordpress/church-admin-lfi.yaml

patch-1
Prince Chaddha 2021-09-28 15:38:03 +05:30 committed by GitHub
parent b0ce4b83cf
commit 5c80f9dc4c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions

@ -1,11 +1,14 @@
id: wp-plugin-church-admin-lfi
id: church-admin-lfi
info:
name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
author: 0x_Akoko
severity: high
description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.
reference:
- https://wpscan.com/vulnerability/8997
- https://id.wordpress.org/plugins/church-admin/
tags: wordpress,wp-plugin,lfi
reference: https://wpscan.com/vulnerability/8997
requests:
- method: GET
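
Review bot: The second entry under `reference:` points at the Indonesian-locale mirror (`https://id.wordpress.org/plugins/church-admin/`); the locale-neutral `https://wordpress.org/plugins/church-admin/` would be the more stable link. The `id` also changes from `wp-plugin-church-admin-lfi` to `church-admin-lfi`, so any workflow or exclusion list that names the old id needs the same update. Finally, the `name` and the new `description` say "directory traversal" while the id and tags say `lfi`; picking one term, or saying in the description which behaviour the request actually checks, would keep the template searchable under a consistent label.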