daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added CVE-2019-18818 

Added CVE-2019-18818
patch-1
idealphase 2021-09-04 14:00:28 +07:00 committed by GitHub
parent ca54102876
commit f1e770fc06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
cves/2019/CVE-2019-18818.yaml Normal file
View File

@ -0,0 +1,32 @@
id: CVE-2019-18818
info:
name: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
author: idealphase
description: strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
reference:
- https://www.exploit-db.com/exploits/50239
- https://nvd.nist.gov/vuln/detail/CVE-2019-18818
severity: critical
tags: cve,cve2019,strapi,rce
requests:
- method: GET
path:
- "{{BaseURL}}/admin/strapiVersion"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "strapiVersion"
part: body
- type: word
words:
- '3.0.0-beta.17.4'
part: bod