id: CVE-2022-4944

info:
  name: KodExplorer <= 4.49 - Cross-site Request Forgery (CSRF) to Shell Upload
  author: Brosck
  severity: high
  description: |
    A vulnerability, which was classified as problematic, was found in kalcaddle KodExplorer up to 4.49. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2022-4944. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
  tags: csrf,rce,shell,upload,arbitrary,kodexplorer,cve-2022-4944
  reference:
    - https://www.cve.org/CVERecord?id=CVE-2022-4944
    - https://vuldb.com/?id.227000

requests:
  - method: GET
    path:
      - "{{BaseURL}}/"
      - "{{BaseURL}}/index.php?user/login"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      # Version banner fingerprint for releases up to 4.49.
      # The dot is escaped so it matches a literal "." and not any character.
      - type: regex
        part: body
        regex:
          - 'Powered by KodExplorer v[0-4]\.[0-4][0-9]'
        condition: and

      # Only report when the page was actually served.
      - type: status
        status:
          - 200