mirror of
https://github.com/0xMarcio/cve.git
synced 2026-04-21 22:26:12 +02:00
0xMarcio
1.5 KiB
1.5 KiB
CVE-2017-1001000
Description
The register_routes function in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in the REST API in WordPress 4.7.x before 4.7.2 does not require an integer identifier, which allows remote attackers to modify arbitrary pages via a request for wp-json/wp/v2/posts followed by a numeric value and a non-numeric value, as demonstrated by the wp-json/wp/v2/posts/123?id=123helloworld URI.
POC
Reference
Github
- https://github.com/20142995/nuclei-templates
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CybVulnHunter/nmap-guidelines
- https://github.com/FishyStix12/BH.py-CharCyCon2024
- https://github.com/FishyStix12/Black-Hat-Python-Couse.py2024
- https://github.com/FishyStix12/WHPython_v1.02
- https://github.com/FishyStix12/WHPython_v1.1
- https://github.com/Vayel/docker-wordpress-content-injection
- https://github.com/YemiBeshe/Codepath-WP1
- https://github.com/hom3r/wordpress-4.7
- https://github.com/itsismarcos/WpRest
- https://github.com/justinw238/codepath_7_jlw15
- https://github.com/sarcox/WPPentesting