From fa123f840251c7d30f07c01212f37b7717cae9b5 Mon Sep 17 00:00:00 2001 From: Kazgangap Date: Mon, 10 Jun 2024 14:52:00 +0300 Subject: [PATCH] add cve-2023-6505 --- http/cves/2023/CVE-2023-6505.yaml | 44 +++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 http/cves/2023/CVE-2023-6505.yaml diff --git a/http/cves/2023/CVE-2023-6505.yaml b/http/cves/2023/CVE-2023-6505.yaml new file mode 100644 index 0000000000..53a0b8dbf1 --- /dev/null +++ b/http/cves/2023/CVE-2023-6505.yaml @@ -0,0 +1,44 @@ +id: CVE-2023-6505 + +info: + name: Prime Mover < 1.9.3 - Directory Listing to Sensitive Data Exposure + author: securityforeveryone.com + severity: high + description: | + Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes. + remediation: Fixed in 1.9.3 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2023-6505 + - https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629 + - https://research.cleantalk.org/cve-2023-6505-prime-mover-poc-exploit/ + - https://github.com/fkie-cad/nvd-json-data-feeds + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2023-6505 + epss-score: 0.00087 + epss-percentile: 0.36916 + cpe: cpe:2.3:a:codexonics:prime_mover:*:*:*:*:*:wordpress:*:* + metadata: + vendor: codexonics + product: prime_mover + framework: wordpress + tags: wpscan,wordpress,exposure,cve,cve2023 + +http: + - method: GET + path: + - "{{BaseURL}}/wp-content/uploads/prime-mover-export-files/1/" + + matchers-condition: and + matchers: + - type: word + words: + - 'Index of /wp-content/uploads/prime-mover-export-files/1' + - '.wprime' + condition: or + part: body + + - type: status + status: + - 200