fix fp CVE-2022-0591.yaml

patch-1
J4vaovo 2023-09-03 07:22:48 +08:00 committed by GitHub
parent 3dabb68cd2
commit a3b7335af6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 1 deletions

View File

@ -2,7 +2,7 @@ id: CVE-2022-0591
info:
name: Formcraft3 <3.8.28 - Server-Side Request Forgery
author: Akincibor
author: Akincibor,j4vaovo
severity: critical
description: Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.
reference:
@ -32,3 +32,8 @@ http:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: WordPress"