Enhancement: cves/2020/CVE-2020-12800.yaml by mp

2022-05-16 11:57:20 -04:00 · 2022-05-16 11:57:20 -04:00 · ab6f32bcc5
parent 717e54aca1
commit ab6f32bcc5
1 changed files with 6 additions and 3 deletions
--- a/cves/2020/CVE-2020-12800.yaml
+++ b/cves/2020/CVE-2020-12800.yaml
@ -1,12 +1,13 @@
 id: CVE-2020-12800

 info:
-  name: WordPress 'Drag & Drop Multiple File Upload - Contact Form 7' Plugin - Pre-auth RCE
+  name: WordPress Contact Form 7 <1.3.3.3 - Remote Code Execution
  author: dwisiswant0
  severity: critical
-  description: The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file.
+  description: WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.
  reference:
-    - https://github.com/amartinsec/CVE-2020-12800
+    - https://wordpress.org/plugins/drag-and-drop-multiple-file-upload-contact-form-7/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-12800
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
@ -60,3 +61,5 @@ requests:
        part: body_2
        words:
          - "CVE-2020-12800-{{randstr}}"
+
+# Enhanced by mp on 2022/05/16