Merge pull request #4103 from ritikchaddha/patch-24

Create CVE-2018-7662.yaml
2022-04-12 01:24:09 +05:30 · 2022-04-12 01:24:09 +05:30 · be4a05a855
parent c461b8a1d1 784ef6f25e
commit be4a05a855
1 changed files with 32 additions and 0 deletions
--- a/cves/2018/CVE-2018-7662.yaml
+++ b/cves/2018/CVE-2018-7662.yaml
@ -0,0 +1,32 @@
+id: CVE-2018-7662
+
+info:
+  name: CouchCMS Full Path Disclosure
+  author: ritikchaddha
+  severity: medium
+  description: phpmailer.php and mysql2i.func.php disclosure the full path
+  reference: https://github.com/CouchCMS/CouchCMS/issues/46
+  tags: couchcms,fpd,cve,cve2018
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/includes/mysql2i/mysql2i.func.php"
+      - "{{BaseURL}}/addons/phpmailer/phpmailer.php"
+
+    stop-at-first-match: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "mysql2i.func.php on line 10"
+          - "Fatal error: Cannot redeclare mysql_affected_rows() in"
+        condition: and
+
+      - type: word
+        part: body
+        words:
+          - "phpmailer.php on line 10"
+          - "Fatal error: Call to a menber function add_event_listener() on a non-object in"
+        condition: and