daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2023-39796.yaml

patch-1
Ritik Chaddha 2023-11-21 13:22:47 +05:30 committed by GitHub
parent 7851d8dc92
commit 0c02d70c96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
http/cves/2023/CVE-2023-39796.yaml
View File

@ -8,18 +8,17 @@ info:
There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajax_delete_message.php" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.
remediation: Fixed in version 1.6.1
reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39796
https://forum.wbce.org/viewtopic.php?pid=42046#p42046
https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
- https://forum.wbce.org/viewtopic.php?pid=42046#p42046
- https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-39796
cwe-id: CWE-89
metadata:
max-request: 1
verified: true
shodan-query: html:"/wbce/"
tags: cve,cve2023,sqli,wbce
tags: cve,cve2023,sqli,wbce,intrusive
http:
- raw: