vpatch-CVE-2020-11738 AppSec Rule

« vpatch-CVE-2020-11738 »
v0.6 by crowdsecurity
AppSec rule

Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2020-11738

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2020-11738
2description: "Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /wp-admin/admin-ajax.php
12    - zones:
13      - ARGS
14      variables:
15        - action
16      match:
17        type: equals
18        value: duplicator_download
19    - zones:
20      - ARGS
21      variables:
22        - file
23      match:
24        type: contains
25        value: ".."
26labels:
27  type: exploit
28  service: http
29  confidence: 3
30  spoofable: 0
31  behavior: "http:exploit"
32  label: "Wordpress Snap Creek Duplicator"
33  classification:
34   - cve.CVE-2020-11738
35   - attack.T1595
36   - attack.T1190
37   - cwe.CWE-22

Hub Appsec rule

« vpatch-CVE-2020-11738 »v0.6 by crowdsecurityAppSec rule

« vpatch-CVE-2020-11738 »
v0.6 by crowdsecurity
AppSec rule