Merge pull request #10006 from Kazgangap/primemover

add cve-2023-6505
2024-06-11 21:37:30 +05:30 · 2024-06-11 21:37:30 +05:30 · 7d8536919c
parent 91f160cba7 0a69f50acb
commit 7d8536919c
1 changed files with 46 additions and 0 deletions
--- a/http/cves/2023/CVE-2023-6505.yaml
+++ b/http/cves/2023/CVE-2023-6505.yaml
@ -0,0 +1,46 @@
+id: CVE-2023-6505
+
+info:
+  name: Prime Mover < 1.9.3 - Sensitive Data Exposure
+  author: securityforeveryone
+  severity: high
+  description: |
+    Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes.
+  remediation: |
+    Fixed in 1.9.3
+  reference:
+    - https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629
+    - https://research.cleantalk.org/cve-2023-6505-prime-mover-poc-exploit/
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-6505
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2023-6505
+    epss-score: 0.00087
+    epss-percentile: 0.36916
+    cpe: cpe:2.3:a:codexonics:prime_mover:*:*:*:*:*:wordpress:*:*
+  metadata:
+    max-request: 1
+    vendor: codexonics
+    product: prime_mover
+    framework: wordpress
+    fofa-query: body="/wp-content/plugins/prime-mover"
+  tags: cve,cve2023,wp,wp-plugin,wordpress,exposure,prime-mover,listing
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/uploads/prime-mover-export-files/1/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'Index of /wp-content/uploads/prime-mover-export-files/1'
+          - '.wprime'
+        condition: or
+
+      - type: status
+        status:
+          - 200