matcher and workflow update
sandeep
parent
5ae86fcaef
commit
904c9666d1
|
|
@ -4,8 +4,9 @@ info:
|
||||||
name: WordPress Contact Form 7 Plugin - Unrestricted File Upload
|
name: WordPress Contact Form 7 Plugin - Unrestricted File Upload
|
||||||
author: soyelmago
|
author: soyelmago
|
||||||
severity: critical
|
severity: critical
|
||||||
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35489
|
description: The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
|
||||||
tags: cve,cve2020,wordpress,plugin
|
reference: https://nvd.nist.gov/vuln/detail/CVE-2020-35489
|
||||||
|
tags: cve,cve2020,wordpress,wp-plugin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- method: GET
|
||||||
|
|
@ -17,100 +18,13 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "Contact Form 7"
|
- "Contact Form 7"
|
||||||
condition: and
|
|
||||||
part: body
|
part: body
|
||||||
- type: word
|
|
||||||
words:
|
- type: regex
|
||||||
- "2.0.7"
|
regex:
|
||||||
- "2.1"
|
- '^([0-4]\.|5\.[0-2]\.|5\.3\.[0-1]$)'
|
||||||
- "2.1.2"
|
|
||||||
- "2.2"
|
|
||||||
- "2.2.1"
|
|
||||||
- "2.3"
|
|
||||||
- "2.3.1"
|
|
||||||
- "2.4"
|
|
||||||
- "2.4.1"
|
|
||||||
- "2.4.2"
|
|
||||||
- "2.4.3"
|
|
||||||
- "2.4.4"
|
|
||||||
- "2.4.5"
|
|
||||||
- "2.4.6"
|
|
||||||
- "3.0"
|
|
||||||
- "3.0.1"
|
|
||||||
- "3.0.2"
|
|
||||||
- "3.1"
|
|
||||||
- "3.1.1"
|
|
||||||
- "3.1.2"
|
|
||||||
- "3.2"
|
|
||||||
- "3.3"
|
|
||||||
- "3.3.1"
|
|
||||||
- "3.3.2"
|
|
||||||
- "3.3.3"
|
|
||||||
- "3.4"
|
|
||||||
- "3.4.1"
|
|
||||||
- "3.4.2"
|
|
||||||
- "3.5"
|
|
||||||
- "3.5.1"
|
|
||||||
- "3.5.2"
|
|
||||||
- "3.5.3"
|
|
||||||
- "3.5.4"
|
|
||||||
- "3.6"
|
|
||||||
- "3.7"
|
|
||||||
- "3.7.1"
|
|
||||||
- "3.7.2"
|
|
||||||
- "3.8"
|
|
||||||
- "3.8.1"
|
|
||||||
- "3.9"
|
|
||||||
- "3.9.1"
|
|
||||||
- "3.9.2"
|
|
||||||
- "3.9.3"
|
|
||||||
- "4.0"
|
|
||||||
- "4.0.1"
|
|
||||||
- "4.0.2"
|
|
||||||
- "4.0.3"
|
|
||||||
- "4.1"
|
|
||||||
- "4.1.1"
|
|
||||||
- "4.1.2"
|
|
||||||
- "4.2"
|
|
||||||
- "4.2.1"
|
|
||||||
- "4.2.2"
|
|
||||||
- "4.3"
|
|
||||||
- "4.3.1"
|
|
||||||
- "4.4"
|
|
||||||
- "4.4.1"
|
|
||||||
- "4.4.2"
|
|
||||||
- "4.5"
|
|
||||||
- "4.5.1"
|
|
||||||
- "4.6"
|
|
||||||
- "4.6.1"
|
|
||||||
- "4.7"
|
|
||||||
- "4.8"
|
|
||||||
- "4.8.1"
|
|
||||||
- "4.9"
|
|
||||||
- "4.9.1"
|
|
||||||
- "4.9.2"
|
|
||||||
- "5.0"
|
|
||||||
- "5.0.1"
|
|
||||||
- "5.0.2"
|
|
||||||
- "5.0.3"
|
|
||||||
- "5.0.4"
|
|
||||||
- "5.0.5"
|
|
||||||
- "5.1"
|
|
||||||
- "5.1.1"
|
|
||||||
- "5.1.2"
|
|
||||||
- "5.1.4"
|
|
||||||
- "5.1.5"
|
|
||||||
- "5.1.6"
|
|
||||||
- "5.1.7"
|
|
||||||
- "5.1.8"
|
|
||||||
- "5.1.9"
|
|
||||||
- "5.2"
|
|
||||||
- "5.2.1"
|
|
||||||
- "5.2.2"
|
|
||||||
- "5.3"
|
|
||||||
- "5.3.1"
|
|
||||||
condition: or
|
|
||||||
part: body
|
part: body
|
||||||
|
|
@ -26,6 +26,7 @@ workflows:
|
||||||
- template: cves/2020/CVE-2020-13700.yaml
|
- template: cves/2020/CVE-2020-13700.yaml
|
||||||
- template: cves/2020/CVE-2020-14092.yaml
|
- template: cves/2020/CVE-2020-14092.yaml
|
||||||
- template: cves/2020/CVE-2020-35951.yaml
|
- template: cves/2020/CVE-2020-35951.yaml
|
||||||
|
- template: cves/2020/CVE-2020-35489.yaml
|
||||||
- template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
|
- template: vulnerabilities/wordpress/wordpress-auth-bypass-wptimecapsule.yaml
|
||||||
- template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
|
- template: vulnerabilities/wordpress/wordpress-rce-simplefilelist.yaml
|
||||||
- template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml
|
- template: vulnerabilities/wordpress/wordpress-total-upkeep-backup-download.yaml
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue