daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Dashboard Content Enhancements (#5497) 

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-09-29 09:38:41 -04:00 committed by GitHub
parent 93e3b2b3ca
commit 1fa47500e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 388 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cnvd/2022/CNVD-2022-42853.yaml
View File

@ -3,12 +3,16 @@ id: CNVD-2022-42853
info:
name: ZenTao CMS - SQL Injection
author: ling
severity: high
severity: critical
description: |
Zen Tao has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain sensitive database information.
ZenTao CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/z92g/ZentaoSqli/blob/master/CNVD-2022-42853.go
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
shodan-query: http.title:"zentao"
@ -33,3 +37,5 @@ requests:
part: body
words:
- 'c8c605999f3d8352d7bb792cf3fdb25'
# Enhanced by mp on 2022/09/28

2
cves/2016/CVE-2016-7834.yaml
View File

@ -1,7 +1,7 @@
id: CVE-2016-7834
info:
name: Sony IPELA Engine IP Camera - Harcoded Account
name: Sony IPELA Engine IP Camera - Hardcoded Account
author: af001
severity: high
description: |

8
cves/2017/CVE-2017-8917.yaml
View File

@ -1,15 +1,13 @@
id: CVE-2017-8917
info:
name: Joomla! < 3.7.1 - SQL Injection
name: Joomla! <3.7.1 - SQL Injection
author: princechaddha
severity: critical
description: |
Joomla! 3.7.x before 3.7.1 contains a SQL injection vulnerability that could allow attackers to execute arbitrary SQL commands via unspecified vectors.
Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html
- http://web.archive.org/web/20210421142819/https://www.securityfocus.com/bid/98515
- http://web.archive.org/web/20211207050608/https://securitytracker.com/id/1038522
- https://nvd.nist.gov/vuln/detail/CVE-2017-8917
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@ -34,3 +32,5 @@ requests:
part: body
words:
- '{{md5(num)}}'
# Enhanced by mp on 2022/09/28

10
cves/2019/CVE-2019-10692.yaml
View File

@ -1,18 +1,16 @@
id: CVE-2019-10692
info:
name: WP Google Maps < 7.11.18 - Unauthenticated SQL Injection
name: WordPress Google Maps <7.11.18 - SQL Injection
author: pussycat0x
severity: critical
description: |
In the wp-google-maps plugin before 7.11.18 for WordPress,
includes/class.rest-api.php in the REST API does not sanitize field names
before a SELECT statement.
WordPress Google Maps plugin before 7.11.18 contains a SQL injection vulnerability. The plugin includes /class.rest-api.php in the REST API and does not sanitize field names before a SELECT statement. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://wpscan.com/vulnerability/475404ce-2a1a-4d15-bf02-df0ea2afdaea
- https://nvd.nist.gov/vuln/detail/CVE-2019-10692
- https://wordpress.org/plugins/wp-google-maps/#developers
- https://plugins.trac.wordpress.org/changeset?old_path=%2Fwp-google-maps&old=2061433&new_path=%2Fwp-google-maps&new=2061434&sfp_email=&sfph_mail=#file755
- https://nvd.nist.gov/vuln/detail/CVE-2019-10692
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -44,3 +42,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

14
vulnerabilities/other/weiphp-sql-injection.yaml → cves/2020/CVE-2020-20300.yaml
View File

@ -1,11 +1,17 @@
id: weiphp-sql-injection
id: CVE-2020-20300
info:
name: WeiPHP 5.0 SQLI
name: WeiPHP 5.0 - SQL Injection
author: pikpikcu
severity: high
severity: critical
description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/Y4er/Y4er.com/blob/15f49973707f9d526a059470a074cb6e38a0e1ba/content/post/weiphp-exp-sql.md
- https://nvd.nist.gov/vuln/detail/CVE-2020-20300
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
shodan-query: http.html:"WeiPHP5.0"
@ -26,3 +32,5 @@ requests:
- type: status
status:
- 500
# Enhanced by mp on 2022/09/28

8
cves/2020/CVE-2020-5192.yaml
View File

@ -3,13 +3,13 @@ id: CVE-2020-5192
info:
name: Hospital Management System 4.0 - SQL Injection
author: TenBird
severity: high
severity: critical
description: |
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilities: multiple pages and parameters are not validating user input, and allow for the application's database and information to be fully compromised.
Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/47840
- https://nvd.nist.gov/vuln/detail/CVE-2020-5192
- https://phpgurukul.com/hospital-management-system-in-php/
- https://nvd.nist.gov/vuln/detail/CVE-2020-5192
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
@ -51,3 +51,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

10
cves/2020/CVE-2020-8654.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2020-8654
info:
name: EyesOfNetwork 5.3 - Authenticated RCE
name: EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution
author: praetorian-thendrickson
severity: high
description: EyesOfNetwork version 5.1-5.3 is vulnerable to multiple exploits. Version 5.3 is vulnerable to CVE-2020-8654 (authenticated rce), CVE-2020-8655 (privesc), CVE-2020-8656 (SQLi - API version before 2.4.2), and 2020-8657 (hardcoded api key). Versions 5.1-5.3 are vulnerable to CVE-2020-9465 (SQLi).
severity: critical
description: EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.
reference:
- https://github.com/h4knet/eonrce
- https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eyesofnetwork_autodiscovery_rce.rb
- https://nvd.nist.gov/vuln/detail/CVE-2020-8657
- https://github.com/EyesOfNetworkCommunity/eonweb/issues/50
- https://nvd.nist.gov/vuln/detail/CVE-2020-8654
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
@ -45,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

11
cves/2021/CVE-2021-25104.yaml
View File

@ -1,16 +1,15 @@
id: CVE-2021-25104
info:
name: Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting
name: WordPress Ocean Extra <1.9.5 - Cross-Site Scripting
author: Akincibor
severity: medium
description: The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue.
severity: high
description: WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.
reference:
- https://wpscan.com/vulnerability/2ee6f1d8-3803-42f6-9193-3dd8f416b558
- https://wordpress.org/plugins/ocean-extra/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-25104
- https://nvd.nist.gov/vuln/detail/CVE-2021-25104
remediation: Fixed in version 1.9.5
remediation: Fixed in version 1.9.5.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -53,3 +52,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

8
cves/2021/CVE-2021-36873.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2021-36873
info:
name: iQ Block Country plugin - Cross-Site Scripting
name: WordPress iQ Block Country <=1.2.11 - Cross-Site Scripting
author: theamanrawat
severity: medium
severity: high
description: |
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11).
WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://wpscan.com/vulnerability/ba93f085-2153-439b-9cda-7c5b09d3ed58
- https://wordpress.org/plugins/iq-block-country/
@ -62,3 +62,5 @@ requests:
regex:
- 'name="_wpnonce" value="([0-9a-zA-Z]+)"'
internal: true
# Enhanced by mp on 2022/09/28

8
cves/2021/CVE-2021-39320.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2021-39320
info:
name: WordPress underConstruction Plugin < 1.19 - Cross-Site Scripting
name: WordPress Under Construction <1.19 - Cross-Site Scripting
author: dhiyaneshDK
severity: medium
severity: high
description: |
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path.
WordPress Under Construction plugin before 1.19 contains a cross-site scripting vulnerability. The plugin echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file on certain configurations, including Apache+modPHP.
reference:
- https://wpscan.com/vulnerability/49ae1df0-d6d2-4cbb-9a9d-bf3599429875
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39320
@ -50,3 +50,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

10
cves/2021/CVE-2021-41878.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2021-41878
info:
name: i-Panel Administration System - Cross-Site Scripting
name: i-Panel Administration System 2.0 - Cross-Site Scripting
author: madrobot
severity: medium
severity: high
description: |
A reflected cross-site scripting vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console.
i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console.
reference:
- https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-41878
- https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-41878
- https://nvd.nist.gov/vuln/detail/CVE-2021-41878
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

8
cves/2021/CVE-2021-42667.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2021-42667
info:
name: Online Event Booking and Reservation System version 2.3.0 - SQL injection
name: Online Event Booking and Reservation System 2.3.0 - SQL Injection
author: fxploit
severity: critical
description: |
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
Online Event Booking and Reservation System 2.3.0 contains a SQL injection vulnerability in event-management/views. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/0xDeku/CVE-2021-42667
- https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-42667
- https://github.com/TheHackingRabbi/CVE-2021-42667
- https://nvd.nist.gov/vuln/detail/CVE-2021-42667
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -49,3 +49,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

6
cves/2022/CVE-2022-29006.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-29006
info:
name: Directory Management System 1.0 - SQLi Authentication Bypass
name: Directory Management System 1.0 - SQL Injection
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
Directory Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/50370
- https://phpgurukul.com/directory-management-system-using-php-and-mysql/
@ -45,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

6
cves/2022/CVE-2022-29007.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-29007
info:
name: Dairy Farm Shop Management System v1.0 - SQLi Authentication Bypass
name: Dairy Farm Shop Management System 1.0 - SQL Injection
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
Dairy Farm Shop Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/50365
- https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
@ -45,3 +45,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

6
cves/2022/CVE-2022-29009.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-29009
info:
name: Cyber Cafe Management System Project v1.0 - SQLi Authentication Bypass
name: Cyber Cafe Management System 1.0 - SQL Injection
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/50355
- https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

8
cves/2022/CVE-2022-31373.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-31373
info:
name: SolarView Compact 6.00 - Cross-Site Scripting(XSS)
name: SolarView Compact 6.00 - Cross-Site Scripting
author: ritikchaddha
severity: medium
severity: high
description: |
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.
SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://github.com/badboycxcc/SolarView_Compact_6.0_xss
- https://nvd.nist.gov/vuln/detail/CVE-2022-31373
@ -41,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

8
cves/2022/CVE-2022-32007.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32007
info:
name: Complete Online Job Search System v1.0 - SQL Injection
name: Complete Online Job Search System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=.
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/admin/company/index.php?view=edit&id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-2.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32007
@ -40,3 +40,5 @@ requests:
part: body
words:
- '{{md5({{num}})}}'
# Enhanced by mp on 2022/09/28

8
cves/2022/CVE-2022-32015.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32015
info:
name: Complete Online Job Search System v1.0 - SQL Injection
name: Complete Online Job Search System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=.
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=category&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-8.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32015
@ -31,3 +31,5 @@ requests:
part: body
words:
- '{{md5({{num}})}}'
# Enhanced by mp on 2022/09/28

8
cves/2022/CVE-2022-32018.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32018
info:
name: Complete Online Job Search System v1.0 - SQL Injection
name: Complete Online Job Search System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=.
Complete Online Job Search System 1.0 contains a SQL injection vulnerability via /eris/index.php?q=hiring&search=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/online-job-search-system/SQLi-12.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32018
@ -31,3 +31,5 @@ requests:
part: body
words:
- '{{md5({{num}})}}'
# Enhanced by mp on 2022/09/28

10
cves/2022/CVE-2022-32022.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2022-32022
info:
name: Car Rental Management System v1.0 - SQL Injection
name: Car Rental Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/ajax.php?action=login.
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32022
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-1.md.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
@ -47,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

8
cves/2022/CVE-2022-32024.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32024
info:
name: Car Rental Management System v1.0 - SQL Injection
name: Car Rental Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /booking.php?car_id=.
Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?car_id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-4.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32024
@ -48,3 +48,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/26

8
cves/2022/CVE-2022-32025.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32025
info:
name: Car Rental Management System v1.0 - SQL Injection
name: Car Rental Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/view_car.php?id=.
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/view_car.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-6.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32025
@ -50,3 +50,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/26

8
cves/2022/CVE-2022-32026.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32026
info:
name: Car Rental Management System v1.0 - SQL Injection
name: Car Rental Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/manage_booking.php?id=.
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_booking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-5.md
@ -50,3 +50,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/26

8
cves/2022/CVE-2022-32028.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32028
info:
name: Car Rental Management System v1.0 - SQL Injection
name: Car Rental Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /admin/manage_user.php?id=.
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/manage_user.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/campcodes.com/car-rental-management-system/SQLi-8.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-32028
@ -50,3 +50,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/26

6
cves/2022/CVE-2022-32094.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-32094
info:
name: Hospital Management System v1.0 - SQL Injection
name: Hospital Management System 1.0 - SQL Injection
author: arafatansari
severity: critical
description: |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/doctor.php.
Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/Danie1233/Hospital-Management-System-v1.0-SQLi-3/
- https://nvd.nist.gov/vuln/detail/CVE-2022-32094
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/26

8
cves/2022/CVE-2022-34590.yaml
View File

@ -1,11 +1,11 @@
id: CVE-2022-34590
info:
name: Hospital Management System v1.0 - SQL Injection
name: Hospital Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.
Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/Renrao/bug_report/blob/master/blob/main/vendors/itsourcecode.com/hospital-management-system/sql_injection.md
- https://nvd.nist.gov/vuln/detail/CVE-2022-34590
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/28

8
cves/2022/CVE-2022-38637.yaml
View File

@ -1,15 +1,15 @@
id: CVE-2022-38637
info:
name: Hospital Management System v1.0 - SQL Injection
name: Hospital Management System 1.0 - SQL Injection
author: arafatansari
severity: critical
description: |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/user-login.php.
Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.youtube.com/watch?v=m8nW0p69UHU
- https://nvd.nist.gov/vuln/detail/CVE-2022-38637
- https://owasp.org/www-community/attacks/SQL_Injection
- https://nvd.nist.gov/vuln/detail/CVE-2022-38637
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
@ -44,3 +44,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/28

2
file/bash/bash.yaml
View File

@ -21,7 +21,7 @@ file:
- ":(){:|:&};:"
- type: regex
name: rm commad found
name: rm command found
regex:
- "rm -(f|r)"
- "rm -(fr|rf)"

12
vulnerabilities/dedecms/dedecms-membergroup-sqli.yaml
View File

@ -1,12 +1,16 @@
id: dedecms-membergroup-sqli
info:
name: DedeCMS Membergroup SQLI
name: Dede CMS - SQL Injection
author: pikpikcu
severity: medium
description: A vulnerability in the DedeCMS product allows remote unauthenticated users to inject arbitrary SQL statements via the 'ajax_membergroup.php' endpoint and the 'membergroup' parameter.
severity: critical
description: Dede CMS contains a SQL injection vulnerability which allows remote unauthenticated users to inject arbitrary SQL statements via the ajax_membergroup.php endpoint and the membergroup parameter.
reference:
- http://www.dedeyuan.com/xueyuan/wenti/1244.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
shodan-query: http.html:"DedeCms"
tags: sqli,dedecms
@ -30,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/28

13
vulnerabilities/other/alumni-management-sqli.yaml
View File

@ -1,13 +1,18 @@
id: alumni-management-sqli
info:
name: Alumni Management System 1.0 - SQLi Authentication Bypass
name: Alumni Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Alumni Management System Admin Login page can be bypassed with a simple SQLi to the username parameter.
Alumni Management System 1.0 contains a SQL injection vulnerability via admin/login in the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/48883
- https://www.cvedetails.com/cve/CVE-2020-29214
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: sqli,auth-bypass,cms,edb,alumni
requests:
@ -42,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/28

15
vulnerabilities/other/chamilo-lms-sqli.yaml
View File

@ -1,10 +1,15 @@
id: chamilo-lms-sqli
info:
name: Chamilo LMS SQL Injection
name: Chamilo 1.11.14 - SQL Injection
author: undefl0w
severity: high
description: Finds sql injection in Chamilo version 1.11.14
severity: critical
description: Chamilo 1.1.14 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference: https://packetstormsecurity.com/files/162572/Chamilo-LMS-1.11.14-Remote-Code-Execution.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: chamilo,sqli
requests:
@ -27,4 +32,6 @@ requests:
matchers:
- type: dsl
dsl:
- 'contains(body_2, "{{randstr}}")'
- 'contains(body_2, "{{randstr}}")'
# Enhanced by md on 2022/09/28

13
vulnerabilities/other/cvms-sqli.yaml
View File

@ -1,13 +1,18 @@
id: cvms-sqli
info:
name: Company Visitor Management System (CVMS) 1.0 - SQLi Authentication Bypass
name: Company Visitor Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Company Visitor Management System Login page can be bypassed with a simple SQLi to the username parameter.
Company Visitor Management System 1.0 contains a SQL injection vulnerability via the login page in the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/48884
- https://packetstormsecurity.com/files/158476/Company-Visitor-Management-System-CVMS-1.0-SQL-Injection.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
tags: cvms,sqli,auth-bypass,cms,edb
@ -36,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

17
vulnerabilities/other/dotnetcms-sqli.yaml
View File

@ -1,15 +1,20 @@
id: dotnetcms-sqli
info:
name: DotnetCMS SQLi
name: Dotnet CMS - SQL Injection
author: ritikchaddha
severity: high
metadata:
verified: true
shodan-query: http.html:"dotnetcms"
severity: critical
description: Dotnet CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.cnblogs.com/rebeyond/p/4951418.html
- http://wy.zone.ci/bug_detail.php?wybug_id=wooyun-2015-0150742
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
shodan-query: http.html:"dotnetcms"
tags: dotnetcms,dotnet,sqli
requests:
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

11
vulnerabilities/other/duomicms-sql-injection.yaml
View File

@ -1,11 +1,16 @@
id: duomicms-sql-injection
info:
name: DuomiCMS SQL Injection
name: Duomi CMS - SQL Injection
author: pikpikcu
severity: high
severity: critical
description: Duomi CMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://redn3ck.github.io/2016/11/01/duomiCMS/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
shodan-query: title:"DuomiCMS"
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/28

12
vulnerabilities/other/ecshop-sqli.yaml
View File

@ -1,16 +1,20 @@
id: ecshop-sqli
info:
name: ECShop 2.x/3.x SQL Injection
name: ECShop 2.x/3.x - SQL Injection
author: Lark-lab,ImNightmaree,ritikchaddha
severity: high
severity: critical
description: |
The vulnerability affects ECShop 2.x and 3.x versions allows remote unauthenticated users to inject arbitrary SQL statements into via the 'Referer' header field,and later via SQL injection vulnerability to malicious code injected into the dangerous eval function in order to achieve arbitrary code execution.
ECShop 2.x and 3.x contains a SQL injection vulnerability which can allow an attacker to inject arbitrary SQL statements via the referer header field and the dangerous eval function, thus possibly allowing an attacker to obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://titanwolf.org/Network/Articles/Article?AID=af15bee8-7afc-4bb2-9761-a7d61210b01a
- https://phishingkittracker.blogspot.com/2019/08/userphp-ecshop-sql-injection-2017.html
- http://www.wins21.com/mobile/blog/blog_view.html?num=1172
- https://www.shutingrz.com/post/ad_hack-ec_exploit/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
fofa-query: app="ECShop"
@ -46,3 +50,5 @@ requests:
- "PHP Extension"
- "PHP Version"
condition: and
# Enhanced by mp on 2022/09/28

12
vulnerabilities/other/ems-sqli.yaml
View File

@ -1,14 +1,18 @@
id: ems-sqli
info:
name: Employee Management System 1.0 - SQLi Authentication Bypass
name: Employee Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Employee Management System Login page can be bypassed with a simple SQLi to the username parameter.
Employee Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/48882
- https://www.sourcecodester.com/sites/default/files/download/razormist/employee-management-system.zip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
tags: ems,sqli,cms,auth-bypass,edb
@ -37,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

11
vulnerabilities/other/etouch-v2-sqli.yaml
View File

@ -1,12 +1,17 @@
id: etouch-v2-sqli
info:
name: Ectouch v2 SQL Injection
name: ECTouch 2 - SQL Injection
author: princechaddha
severity: high
severity: critical
description: ECTouch 2 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/mstxq17/CodeCheck/
- https://www.anquanke.com/post/id/168991
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: etouch,sqli
variables:
@ -27,3 +32,5 @@ requests:
words:
- '{{md5({{num}})}}'
part: body
# Enhanced by mp on 2022/09/28

10
vulnerabilities/other/finecms-sqli.yaml
View File

@ -3,11 +3,15 @@ id: finecms-sqli
info:
name: FineCMS 5.0.10 - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: |
SQL Injection exists in FineCMS 5.0.10.
FineCMS 5.0.10 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://blog.csdn.net/dfdhxb995397/article/details/101385340
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: finecms,sqli
variables:
@ -22,3 +26,5 @@ requests:
- type: word
words:
- '{{md5({{num}})}}'
# Enhanced by mp on 2022/09/28

13
vulnerabilities/other/kevinlab-bems-sqli.yaml
View File

@ -1,15 +1,18 @@
id: kevinlab-bems-sqli
info:
name: KevinLAB BEMS 1.0 Unauthenticated SQL Injection/Authentication Bypass
name: KevinLAB BEMS 1.0 - SQL Injection
author: gy741
severity: high
description: The application suffers from an unauthenticated SQL Injection vulnerability. Input passed through 'input_id' POST parameter in '/http/index.php' is not properly sanitised before being returned to the
user or used in SQL queries.
severity: critical
description: KevinLAB BEMS 1.0 contains a SQL injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5655.php
- https://www.exploit-db.com/exploits/50146
- https://packetstormsecurity.com/files/163572/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: kevinlab,sqli,edb,packetstorm
requests:
@ -32,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

13
vulnerabilities/other/loancms-sqli.yaml
View File

@ -1,13 +1,18 @@
id: loancms-sqli
info:
name: Loan Management System 1.0 - SQLi Authentication Bypass
name: Loan Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Loan Management System Login page can be bypassed with a simple SQLi to the username parameter.
Loan Management System 1.0 contains a SQL injection vulnerability via the username parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/50402
- https://packetstormsecurity.com/files/167860/Loan-Management-System-1.0-SQL-Injection.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
tags: edb,loancms,sqli,auth-bypass,cms
@ -41,3 +46,5 @@ requests:
words:
- 'login-form'
negative: true
# Enhanced by mp on 2022/09/28

11
vulnerabilities/other/pbootcms-database-file-download.yaml
View File

@ -1,12 +1,17 @@
id: pbootcms-database-file-download
info:
name: PbootCMS v2.0.7 - pbootcms.db File Download
name: PbootCMS 2.0.7 - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: PbootCMS 2.0.7 contains a SQL injection vulnerability via pbootcms.db. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://xz.aliyun.com/t/7628
- https://www.cnblogs.com/0daybug/p/12786036.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: pbootcms,db,exposure,database,sqlite
requests:
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

13
vulnerabilities/other/phpok-sqli.yaml
View File

@ -1,9 +1,16 @@
id: phpok-sqli
info:
name: PHPOK - Sql Injection
name: PHPOK - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: PHPOK contains a SQL injection vulnerability via a GET request. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://cve.report/software/phpok/phpok
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
fofa-query: app="phpok"
@ -23,3 +30,5 @@ requests:
part: body
words:
- '{{md5({{num}})}}'
# Enhanced by mp on 2022/09/28

11
vulnerabilities/other/seacms-sqli.yaml
View File

@ -1,11 +1,16 @@
id: seacms-sqli
info:
name: SeaCMS V8.7 SQL Injection
name: SeaCMS 8.7 - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: SeaCMS 8.7 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.uedbox.com/post/54561/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: seacms,sqli
variables:
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

12
vulnerabilities/other/vpms-auth-bypass.yaml
View File

@ -1,12 +1,16 @@
id: vpms-auth-bypass
info:
name: Vehicle Parking Management System 1.0 - Authentication Bypass
name: Vehicle Parking Management System 1.0 - SQL Injection
author: dwisiswant0
severity: high
description: The Vehicle Parking Management System allows remote attackers to bypass the authentication system by utilizing an SQL injection vulnerability in the 'password' parameter.
severity: critical
description: Vehicle Parking Management System 1.0 contains a SQL injection vulnerability via the password parameter. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/48877
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: auth-bypass,edb
requests:
@ -33,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

12
vulnerabilities/other/wuzhicms-sqli.yaml
View File

@ -1,11 +1,17 @@
id: wuzhicms-sqli
info:
name: Wuzhicms v4.1.0 SQL Injection
name: Wuzhicms 4.1.0 - SQL Injection
author: princechaddha
severity: high
severity: critical
description: Wuzhicms 4.1.0 contains a SQL injection vulnerability via the grouppid parameter of /coreframe/app/member/admin/group.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://github.com/wuzhicms/wuzhicms/issues/184
- https://vulners.com/cnvd/CNVD-2022-36985
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: wuzhicms,sqli
variables:
@ -26,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

11
vulnerabilities/other/xdcms-sqli.yaml
View File

@ -1,11 +1,16 @@
id: xdcms-sqli
info:
name: XdCMS SQL Injection
name: XdCMS - SQL Injection
author: pikpikcu
severity: high
severity: critical
description: XdCMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.uedbox.com/post/35188/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: sqli,xdcms
variables:
@ -36,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

12
vulnerabilities/other/yeswiki-sql.yaml
View File

@ -1,13 +1,17 @@
id: yeswiki-sql
info:
name: YesWiki - SQL Injection
name: YesWiki <2022-07-07 - SQL Injection
author: arafatansari
severity: critical
description: |
YesWiki before 2022-07-07 allows SQL Injection via the "id" parameter in the AccueiL URL.
YesWiki before 2022-07-07 contains a SQL injection vulnerability via the id parameter in the AccueiL URL. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://huntr.dev/bounties/32e27955-376a-48fe-9984-87dd77e24985/
- https://huntr.dev/bounties/32e27955-376a-48fe-9984-87dd77e24985
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
shodan-query: http.html:"yeswiki"
@ -31,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by md on 2022/09/28

11
vulnerabilities/other/zcms-v3-sqli.yaml
View File

@ -1,11 +1,16 @@
id: zcms-v3-sqli
info:
name: ZCMS SQL Injection
name: ZCMS - SQL Injection
author: princechaddha
severity: high
severity: critical
description: ZCMS contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.anquanke.com/post/id/183241
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: zcms,sqli
variables:
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

13
vulnerabilities/other/zms-auth-bypass.yaml
View File

@ -1,12 +1,17 @@
id: zms-auth-bypass
info:
name: Zoo Management System 1.0 - Authentication Bypass
name: Zoo Management System 1.0 - SQL Injection
author: dwisiswant0
severity: high
description: A vulnerability in Zoo Management allows remote attackers to bypass the authentication mechanism via an SQL injection vulnerability.
severity: critical
description: Zoo Management System 1.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/48880
- https://packetstormsecurity.com/files/159567/Zoo-Management-System-1.0-SQL-Injection.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: zms,edb,auth-bypass
requests:
@ -35,3 +40,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

13
vulnerabilities/other/zms-sqli.yaml
View File

@ -1,13 +1,18 @@
id: zms-sqli
info:
name: Zoo Management System (ZMS) 1.0 - SQLi Authentication Bypass
name: Zoo Management System 1.0 - SQL Injection
author: arafatansari
severity: high
severity: critical
description: |
Zoo Management System Login page can be bypassed with a simple SQLi to the username parameter.
Zoo Management System 1.0 contains a SQL injection vulnerability via the username parameter on the login page. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.exploit-db.com/exploits/48880
- https://packetstormsecurity.com/files/167572/Zoo-Management-System-1.0-Cross-Site-Scripting.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
verified: true
tags: zms,sqli,auth-bypass,cms,edb
@ -36,3 +41,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

12
vulnerabilities/weaver/ecology/ecology-syncuserinfo-sqli.yaml
View File

@ -1,11 +1,17 @@
id: ecology-syncuserinfo-sqli
info:
name: Ecology Syncuserinfo Sqli
name: Ecology Syncuserinfo - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: Ecology Syncuserinfo contains a SQL injection vulnerability via a GET request. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- https://www.weaver.com.cn/
- https://github.com/chaitin/xray/blob/master/pocs/ecology-syncuserinfo-sqli.yml
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
fofa-query: app="泛微-协同办公OA"
tags: ecology,sqli
@ -28,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

11
vulnerabilities/weaver/ecology/ecology-v8-sqli.yaml
View File

@ -1,11 +1,16 @@
id: ecology-v8-sqli
info:
name: Ecology V8 - SQL Injection
name: Ecology 8 - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: Ecology 8 contains a SQL injection vulnerability via a GET request. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
metadata:
fofa-query: app="泛微-协同办公OA"
tags: ecology,sqli
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

12
vulnerabilities/wordpress/age-gate-xss.yaml
View File

@ -1,14 +1,18 @@
id: age-gate-xss
info:
name: Age Gate < 2.20.4 - Cross-Site Scripting
name: WordPress Age Gate <2.20.4 - Cross-Site Scripting
author: akincibor,daffainfo
severity: medium
severity: high
description: |
The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
WordPress Age Gate plugin before 2.20.4 contains a cross-site scripting vulnerability. The plugin does not escape some URLs before outputting them back in attributes.
reference:
- https://wpscan.com/vulnerability/a13148fe-ffc9-4003-a44d-652624ba5535
- https://wordpress.org/plugins/age-gate/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
tags: xss,authenticated,age-gate,wpscan,wordpress,wp-plugin,wp
requests:
@ -42,3 +46,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28

12
vulnerabilities/yonyou/yonyou-u8-oa-sqli.yaml
View File

@ -1,11 +1,17 @@
id: yonyou-u8-oa-sqli
info:
name: Yonyou U8 OA Sqli
name: Yonyou U8 - SQL Injection
author: ritikchaddha
severity: high
severity: critical
description: Yonyou U8 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
reference:
- http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html
- https://www.tencentcloud.com/document/product/627/38435
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-89
tags: yonyou,oa,sqli
variables:
@ -26,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/09/28