From 0c02d70c962e7ae0e06dd2aaba239441bce4850e Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Tue, 21 Nov 2023 13:22:47 +0530
Subject: [PATCH] Update CVE-2023-39796.yaml

---
 http/cves/2023/CVE-2023-39796.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/http/cves/2023/CVE-2023-39796.yaml b/http/cves/2023/CVE-2023-39796.yaml
index 1962d14f7f..0351ae1dd8 100644
--- a/http/cves/2023/CVE-2023-39796.yaml
+++ b/http/cves/2023/CVE-2023-39796.yaml
@@ -8,18 +8,17 @@ info:
     There is an sql injection vulnerability in "miniform module" which is a default module installed in the WBCE cms. It is an unauthenticated sqli so anyone could access it and takeover the whole database. In file "/modules/miniform/ajax_delete_message.php" there is no authentication check. On line 40 in this file, there is a DELETE query that is vulnerable, an attacker could jump from the query using the tick sign - `.
   remediation: Fixed in version 1.6.1
   reference:
-    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39796
-    https://forum.wbce.org/viewtopic.php?pid=42046#p42046
-    https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
+    - https://forum.wbce.org/viewtopic.php?pid=42046#p42046
+    - https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.8
     cve-id: CVE-2023-39796
+    cwe-id: CWE-89
   metadata:
     max-request: 1
     verified: true
-    shodan-query: html:"/wbce/"
-  tags: cve,cve2023,sqli,wbce
+  tags: cve,cve2023,sqli,wbce,intrusive
 
 http:
   - raw: