matcher and workflow update

patch-1
sandeep 2021-03-25 01:28:03 +05:30
parent 5ae86fcaef
commit 904c9666d1
2 changed files with 10 additions and 95 deletions

View File

@ -4,8 +4,9 @@ info:
name: WordPress Contact Form 7 Plugin - Unrestricted File Upload
author: soyelmago
severity: critical
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35489
tags: cve,cve2020,wordpress,plugin
description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489
tags: cve,cve2020,wordpress,wp-plugin
requests:
- method: GET
@ -17,100 +18,13 @@ requests:
- type: status
status:
- 200
- type: word
words:
- "Contact Form 7"
condition: and
part: body
- type: word
words:
- "2.0.7"
- "2.1"
- "2.1.2"
- "2.2"
- "2.2.1"
- "2.3"
- "2.3.1"
- "2.4"
- "2.4.1"
- "2.4.2"
- "2.4.3"
- "2.4.4"
- "2.4.5"
- "2.4.6"
- "3.0"
- "3.0.1"
- "3.0.2"
- "3.1"
- "3.1.1"
- "3.1.2"
- "3.2"
- "3.3"
- "3.3.1"
- "3.3.2"
- "3.3.3"
- "3.4"
- "3.4.1"
- "3.4.2"
- "3.5"
- "3.5.1"
- "3.5.2"
- "3.5.3"
- "3.5.4"
- "3.6"
- "3.7"
- "3.7.1"
- "3.7.2"
- "3.8"
- "3.8.1"
- "3.9"
- "3.9.1"
- "3.9.2"
- "3.9.3"
- "4.0"
- "4.0.1"
- "4.0.2"
- "4.0.3"
- "4.1"
- "4.1.1"
- "4.1.2"
- "4.2"
- "4.2.1"
- "4.2.2"
- "4.3"
- "4.3.1"
- "4.4"
- "4.4.1"
- "4.4.2"
- "4.5"
- "4.5.1"
- "4.6"
- "4.6.1"
- "4.7"
- "4.8"
- "4.8.1"
- "4.9"
- "4.9.1"
- "4.9.2"
- "5.0"
- "5.0.1"
- "5.0.2"
- "5.0.3"
- "5.0.4"
- "5.0.5"
- "5.1"
- "5.1.1"
- "5.1.2"
- "5.1.4"
- "5.1.5"
- "5.1.6"
- "5.1.7"
- "5.1.8"
- "5.1.9"
- "5.2"
- "5.2.1"
- "5.2.2"
- "5.3"
- "5.3.1"
condition: or
part: body
- type: regex
regex:
- '^([0-4]\.|5\.[0-2]\.|5\.3\.[0-1]$)'
part: body

View File

@ -26,6 +26,7 @@ workflows:
- template: cves/2020/CVE-2020-13700.yaml
- template: cves/2020/CVE-2020-14092.yaml
- template: cves/2020/CVE-2020-35951.yaml
- template: cves/2020/CVE-2020-35489.yaml
- template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
- template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
- template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml