daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Fri Mar 31 16:11:22 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-31 16:11:22 +00:00
parent 8612267a77
commit 1a5385a40f
21 changed files with 97 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
cves/2015/CVE-2015-2196.yaml
View File

@ -6,11 +6,12 @@ info:
severity: critical
description: |
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
remediation: Fixed in version 1.4.14.
reference:
- https://wpscan.com/vulnerability/8d436356-37f8-455e-99b3-effe8d0e3cad
- https://wordpress.org/plugins/spider-event-calendar/
- https://nvd.nist.gov/vuln/detail/CVE-2015-2196
- http://www.exploit-db.com/exploits/36061
remediation: Fixed in version 1.4.14.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8

8
cves/2021/CVE-2021-24239.yaml
View File

@ -6,10 +6,16 @@ info:
severity: medium
description: |
Pie Register < 3.7.0.1 does not sanitise the invitaion_code GET parameter when outputting it in the Activation Code page, leading to a reflected Cross-Site Scripting issue.
remediation: Fixed in version 3.7.0.1
reference:
- https://wpscan.com/vulnerability/f1b67f40-642f-451e-a67a-b7487918ee34
- https://nvd.nist.gov/vuln/detail/CVE-2021-24239
- https://plugins.trac.wordpress.org/changeset/2507536/
remediation: Fixed in version 3.7.0.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2021-24239
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2021,xss,pie-register,wp,wpscan

5
cves/2021/CVE-2021-24666.yaml
View File

@ -6,11 +6,12 @@ info:
severity: critical
description: |
The Podlove Podcast Publisher WordPress plugin before 3.5.6 contains a 'Social & Donations' module (not activated by default), which adds the rest route '/services/contributor/(?P<id>[\d]+), takes an 'id' and 'category' parameters as arguments. Both parameters can be used for the SQLi.
remediation: Fixed in version 3.5.6
reference:
- https://wpscan.com/vulnerability/fb4d7988-60ff-4862-96a1-80b1866336fe
- https://wordpress.org/plugins/podlove-podcasting-plugin-for-wordpress/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24666
- https://github.com/podlove/podlove-publisher/commit/aa8a343a2e2333b34a422f801adee09b020c6d76
remediation: Fixed in version 3.5.6
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -18,7 +19,7 @@ info:
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2021,sqli,wordpress,wp-plugin,wp,podlove-podcasting-plugin-for-wordpress
tags: cve2021,sqli,wordpress,wp-plugin,wp,podlove-podcasting-plugin-for-wordpress,wpscan,cve
requests:
- method: GET

3
cves/2022/CVE-2022-1058.yaml
View File

@ -9,14 +9,15 @@ info:
reference:
- https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
- https://nvd.nist.gov/vuln/detail/CVE-2022-1058
- https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-1058
cwe-id: CWE-601
metadata:
verified: "true"
shodan-query: title:"Gitea"
verified: "true"
tags: cve,cve2022,open-redirect,gitea
requests:

6
cves/2022/CVE-2022-23898.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2022-23898
info:
name: MCMS IContentDao.xml. v5.2.5 - SQL Injection
author: Co5mos
severity: high
severity: critical
description: |
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
reference:
@ -16,9 +16,9 @@ info:
cve-id: CVE-2022-23898
cwe-id: CWE-89
metadata:
verified: "true"
shodan-query: http.favicon.hash:1464851260
fofa-query: icon_hash="1464851260"
shodan-query: http.favicon.hash:1464851260
verified: "true"
tags: cve,cve2022,sqli,mcms
variables:

7
cves/2022/CVE-2022-2756.yaml
View File

@ -6,20 +6,21 @@ info:
severity: medium
description: |
Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.
remediation: Fixed in 0.5.4.1
reference:
- https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216/
- https://github.com/kareadita/kavita
- https://nvd.nist.gov/vuln/detail/CVE-2022-2756
- https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4
remediation: Fixed in 0.5.4.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
cvss-score: 6.5
cve-id: CVE-2022-2756
cwe-id: CWE-918
metadata:
verified: "true"
shodan-query: title:"kavita"
tags: cve,cve2022,ssrf,kavita,authenticated
verified: "true"
tags: ssrf,kavita,authenticated,huntr,cve,cve2022
requests:
- raw:

2
cves/2022/CVE-2022-4140.yaml
View File

@ -18,7 +18,7 @@ info:
cwe-id: CWE-552
metadata:
verified: "true"
tags: cve,cve2022,wp-plugin,wordpress,wp,lfi,unauthenticated,usc-e-shop
tags: usc-e-shop,wpscan,cve,cve2022,wp-plugin,wp,wordpress,lfi,unauthenticated
requests:
- method: GET

5
cves/2022/CVE-2022-46934.yaml
View File

@ -8,15 +8,16 @@ info:
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-46934
- https://github.com/kekingcn/kkFileView/issues/411
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-46934
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: http.html:"kkFileView"
tags: cve,cve2022,xss,xss
verified: "true"
tags: xss,cve,cve2022
requests:
- raw:

10
cves/2022/CVE-2022-48012.yaml
View File

@ -3,15 +3,21 @@ id: CVE-2022-48012
info:
name: Opencats v0.9.7 - Cross Site Scripting
author: r3Y3r53
severity: high
severity: medium
description: |
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2022-48012
- https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities
- https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities/blob/main/Opencats-0.9.7-Reflected%20XSS%20in%20onChangeTag.md
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-48012
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: title:"opencats"
verified: "true"
tags: cve,cve2022,xss,opencats,authenticated
requests:

9
cves/2023/CVE-2023-0552.yaml
View File

@ -6,16 +6,19 @@ info:
severity: medium
description: |
Pie Register < 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability
remediation: |
Fixed in version 3.8.2.3
reference:
- https://wpscan.com/vulnerability/832c6155-a413-4641-849c-b98ba55e8551
- https://nvd.nist.gov/vuln/detail/CVE-2023-0552
remediation: |
Fixed in version 3.8.2.3
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2023-0552
cwe-id: CWE-601
metadata:
verified: "true"
tags: cve,cve2023,redirect,pie,pie-register
tags: cve2023,redirect,pie,pie-register,wpscan,cve
requests:
- method: GET

8
cves/2023/CVE-2023-0942.yaml
View File

@ -10,10 +10,16 @@ info:
- https://wpscan.com/vulnerability/71aa9460-6dea-49cc-946c-d7d4bf723511
- https://nvd.nist.gov/vuln/detail/CVE-2023-0942
- https://wordpress.org/plugins/woocommerce-for-japan/
- https://plugins.trac.wordpress.org/browser/woocommerce-for-japan/trunk/includes/admin/views/html-admin-setting-screen.php#L63
remediation: Fixed in version 2.5.5
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0942
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2023,xss,woocommerce-for-japan,woocommerce,wp,plugin,wordpress,authenticated
tags: cve2023,woocommerce-for-japan,wp,wpscan,wordpress,authenticated,cve,xss,woocommerce,plugin
requests:
- raw:

8
cves/2023/CVE-2023-0968.yaml
View File

@ -6,16 +6,20 @@ info:
severity: medium
description: |
The plugin does not sanitise and escape some parameters ((such as email, dn, date and points) before outputting then back in a page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
remediation: Fixed in version 3.3.9.1
reference:
- https://wpscan.com/vulnerability/29008d1a-62b3-4f40-b5a3-134455b01595
- https://wordpress.org/plugins/watu/
- https://nvd.nist.gov/vuln/detail/CVE-2023-0968
- https://plugins.trac.wordpress.org/browser/watu/trunk/views/takings.php#L31
remediation: Fixed in version 3.3.9.1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0968
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2023,wp,wp-plugin,wordpress,xss,watu,authenticated
tags: wordpress,cve,cve2023,wp,wp-plugin,xss,watu,authenticated,wpscan
requests:
- raw:

8
cves/2023/CVE-2023-1080.yaml
View File

@ -6,16 +6,20 @@ info:
severity: medium
description: |
GN Publisher plugin < 1.5.6 vulnerable to Reflected Cross-Site Scripting via the tab parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping.
remediation: Fixed in version 1.5.6
reference:
- https://wpscan.com/vulnerability/fcbcfb56-640d-4071-bc12-acac1b1e7a74
- https://wordpress.org/plugins/gn-publisher/
- https://nvd.nist.gov/vuln/detail/CVE-2023-1080
- https://www.wordfence.com/threat-intel/vulnerabilities/id/8a4ee97c-63cd-4a5e-a112-6d4c4c627a57
remediation: Fixed in version 1.5.6
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-1080
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve,cve2023,wp,wp-plugin,wordpress,xss,gn-publisher,authenticated
tags: wp-plugin,wordpress,gn-publisher,authenticated,cve2023,wp,xss,wpscan,cve
requests:
- raw:

7
cves/2023/CVE-2023-24278.yaml
View File

@ -10,9 +10,14 @@ info:
- https://census-labs.com/news/2023/03/16/reflected-xss-vulnerabilities-in-squidex-squidsvg-endpoint/
- https://nvd.nist.gov/vuln/detail/CVE-2023-24278
- https://www.openwall.com/lists/oss-security/2023/03/16/1
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-24278
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: http.favicon.hash:1099097618
verified: "true"
tags: cve,cve2023,xss,squidex,cms,unauth
requests:

8
cves/2023/CVE-2023-24367.yaml
View File

@ -9,9 +9,15 @@ info:
reference:
- https://github.com/mrojz/T24/blob/main/CVE-2023-24367.md
- https://nvd.nist.gov/vuln/detail/CVE-2023-24367
- https://github.com/mrojz/T24/blob/main/T24_XSS.md
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-24367
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: title:"T24 Sign in"
verified: "true"
tags: cve,cve2023,xss,temenos
requests:

7
cves/2023/CVE-2023-24657.yaml
View File

@ -9,9 +9,14 @@ info:
reference:
- https://github.com/phpipam/phpipam/issues/3738
- https://nvd.nist.gov/vuln/detail/CVE-2023-24657
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-24657
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: html:"phpIPAM IP address management"
verified: "true"
tags: cve,cve2023,xss,phpipam,authenticated
requests:

8
cves/2023/CVE-2023-24733.yaml
View File

@ -8,9 +8,15 @@ info:
PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.
reference:
- https://github.com/AetherBlack/CVE/blob/main/PMB/readme.md
- https://github.com/AetherBlack/CVE/tree/main/PMB
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-24733
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: http.favicon.hash:1469328760
verified: "true"
tags: cve,cve2023,unauth,xss,pmb
requests:

6
cves/2023/CVE-2023-24735.yaml
View File

@ -9,11 +9,15 @@ info:
reference:
- https://github.com/AetherBlack/CVE/blob/main/PMB/readme.md
- https://nvd.nist.gov/vuln/detail/CVE-2023-24735
- https://github.com/AetherBlack/CVE/tree/main/PMB
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-24735
cwe-id: CWE-601
metadata:
verified: "true"
shodan-query: http.favicon.hash:1469328760
verified: "true"
tags: cve,cve2023,redirect,pmb
requests:

6
cves/2023/CVE-2023-24737.yaml
View File

@ -9,11 +9,15 @@ info:
reference:
- https://github.com/AetherBlack/CVE/blob/main/PMB/readme.md
- https://nvd.nist.gov/vuln/detail/CVE-2023-24737
- https://github.com/AetherBlack/CVE/tree/main/PMB
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-24737
cwe-id: CWE-79
metadata:
verified: "true"
shodan-query: http.favicon.hash:1469328760
verified: "true"
tags: cve,cve2023,xss,pmb
requests:

3
vulnerabilities/other/inspur-clusterengine-rce.yaml
View File

@ -9,11 +9,12 @@ info:
- https://www.inspursystems.com/
- https://github.com/MzzdToT/ClusterEngineV4.0sysShell_rce
- https://nvd.nist.gov/vuln/detail/CVE-2020-21224
- https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-88
cve-id: CVE-2020-21224
cwe-id: CWE-88
metadata:
fofa-query: title="TSCEV4.0"
tags: inspur,clusterengine,rce

2
vulnerabilities/wordpress/watu-xss.yaml
View File

@ -13,7 +13,7 @@ info:
- https://plugins.trac.wordpress.org/changeset?reponame=&new=2114019%40watu&old=2112579%40watu&
metadata:
verified: "true"
tags: xss,watu,quiz,authenticated
tags: watu,quiz,authenticated,wpscan,xss
requests:
- raw: