infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add Notes metadata and warning

GSoC/Meterpreter_Web_Console
Jacob Robles 2018-11-29 06:35:37 -06:00
parent bfaa6cb416
commit 3de07f1bff
No known key found for this signature in database
GPG Key ID: 3EC9F18F2B12401C
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb
View File

@ -13,9 +13,13 @@ class MetasploitModule < Msf::Auxiliary
'Description' => %q{ 'Description' => %q{
The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set The Wordpress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set
wordpress administration options by overwriting values within the database. wordpress administration options by overwriting values within the database.
The vulnerability is present in WordPresss admin-ajax.php, which allows unauthorized The vulnerability is present in WordPresss admin-ajax.php, which allows unauthorized
users to trigger handlers and make configuration changes because of a failure to do users to trigger handlers and make configuration changes because of a failure to do
capability checks when executing the 'save_setting' internal action. capability checks when executing the 'save_setting' internal action.
WARNING: The module sets Wordpress configuration options without reading their current
values and restoring them later.
}, },
'Author' => 'Author' =>
[ [
@ -29,6 +33,10 @@ class MetasploitModule < Msf::Auxiliary
['CVE', '2018-19207'], ['CVE', '2018-19207'],
['WPVDB', '9144'] ['WPVDB', '9144']
], ],
'Notes' =>
{
'SideEffects' => [CONFIG_CHANGES]
},
'DisclosureDate' => 'Nov 08 2018' 'DisclosureDate' => 'Nov 08 2018'
)) ))