nuclei-templates
Added avada-fusion-forms-uploads-exposure.yaml (CVE-2024-2340)
Template / PR Information
The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.
- References:
  - https://nvd.nist.gov/vuln/detail/CVE-2024-2340
  - https://vulners.com/wpvulndb/WPVDB-ID:507E1D07-4953-4A31-81E8-80F01F971E2A
Template Validation
I've validated this template locally? YES
Additional Details
Vulnerable instances exposing uploaded files via dir listing can be discovered with at least the following Google dorks:
inurl:"uploads/fusion-forms/"
intitle:"Index of /wp-content/uploads/fusion-forms"
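
For site owners who want to know whether the directory described above has already been read, the following added example (not part of the pull request or the nuclei template) scans web-server access logs for successful reads under `/wp-content/uploads/fusion-forms/`, separating directory-index requests from direct file downloads. It assumes the Apache/Nginx "combined" log format; the function name `fusion_form_hits` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Directory named in the advisory; files uploaded through Avada forms land below it.
FUSION_DIR = "/wp-content/uploads/fusion-forms/"

# Apache/Nginx "combined" access-log format (assumed; adjust for custom formats).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def fusion_form_hits(lines):
    """Return {client_ip: {"listings": [...], "files": [...]}} for successful
    reads under FUSION_DIR. A path ending in "/" is a directory-index request;
    anything else is a direct download of an uploaded file."""
    hits = defaultdict(lambda: {"listings": [], "files": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(m["path"].split("?", 1)[0])
        if m["method"] not in ("GET", "HEAD") or FUSION_DIR not in path:
            continue
        if not m["status"].startswith("2"):
            continue  # 403/404: the server refused or had nothing to serve
        kind = "listings" if path.endswith("/") else "files"
        hits[m["ip"]][kind].append(path)
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2024:10:01:02 +0000] "GET /wp-content/uploads/fusion-forms/ HTTP/1.1" 200 1843 "-" "curl/8.4.0"',
    '203.0.113.7 - - [12/Apr/2024:10:01:05 +0000] "GET /wp-content/uploads/fusion-forms/cv-example.pdf HTTP/1.1" 200 48213 "-" "curl/8.4.0"',
    '198.51.100.20 - - [12/Apr/2024:10:02:11 +0000] "GET /wp-content/uploads/fusion-forms/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Apr/2024:10:03:30 +0000] "GET /wp-content/uploads/2024/04/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, seen in fusion_form_hits(SAMPLE_LOG).items():
        print(ip, len(seen["listings"]), "listing(s),", len(seen["files"]), "file(s)")
```

A client with a 2xx response in `listings` means directory indexing was enabled and served; entries in `files` show which uploads were actually retrieved and should be treated as disclosed.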