diff --git a/http/cves/2021/CVE-2021-24139.yaml b/http/cves/2021/CVE-2021-24139.yaml index 99a1f912794..650736bf817 100644 --- a/http/cves/2021/CVE-2021-24139.yaml +++ b/http/cves/2021/CVE-2021-24139.yaml @@ -1,7 +1,7 @@ id: CVE-2021-24139 info: - name: 10Web Photo Gallery - SQL Injection + name: 10Web Photo Gallery < 1.5.55 - SQL Injection author: riteshs4hu severity: critical description: | @@ -11,8 +11,9 @@ info: remediation: | Update to version 1.5.55 or later. reference: - - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/photo-gallery/photo-gallery-by-10web-1554-sql-injection-via-bwg-search-x-parameter - https://wpscan.com/vulnerability/2e33088e-7b93-44af-aa6a-e5d924f86e28 + - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/photo-gallery/photo-gallery-by-10web-1554-sql-injection-via-bwg-search-x-parameter + - https://nvd.nist.gov/vuln/detail/CVE-2021-24139 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -23,23 +24,26 @@ info: cpe: cpe:2.3:a:10web:photo_gallery:*:*:*:*:*:wordpress:*:* metadata: verified: true - max-request: 3 + max-request: 2 vendor: 10web product: photo_gallery - tags: cve,cve2021,kev,vkev,10web,photo-gallery + publicwww-query: "bwg_container" + tags: cve,cve2021,wp,wp-plugin,sqli,photo-gallery,10web + +flow: http(1) && http(2) http: - raw: - | GET /index.php?rest_route=/wp/v2/pages HTTP/1.1 Host: {{Hostname}} - + extractors: - type: regex name: slug group: 1 regex: - - '"slug"\s*:\s*"([^"]+)"[\s\S]*?"content"\s*:\s*{\s*"rendered"\s*:\s*".*?bwg-style-0' + - '"slug"\s*:\s*"([^"]+)"[\s\S]*?"content"\s*:\s*{\s*"rendered"\s*:\s*".*?bwg' internal: true - raw: @@ -51,4 +55,5 @@ http: matchers: - type: dsl dsl: - - 'status_code==200 && duration>=5' + - 'duration>=5' + - 'status_code==200'