daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2018-7700.yaml

patch-1
Prince Chaddha 2022-06-20 21:49:17 +05:30 committed by GitHub
parent a98020ff22
commit e14e52c4c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cves/2018/CVE-2018-7700.yaml
View File

@ -4,7 +4,8 @@ info:
name: DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution
author: pikpikcu
severity: high
description: DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
description: |
DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.
reference:
- https://laworigin.github.io/2018/03/07/CVE-2018-7700-dedecms%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C/
- https://nvd.nist.gov/vuln/detail/CVE-2018-7700
@ -24,10 +25,10 @@ requests:
matchers:
- type: word
part: body
words:
- "phpinfo"
- "PHP Version"
part: body
condition: and
- type: status