daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

remove version detection templates

patch-1
Dhiyaneshwaran 2023-08-17 12:30:13 +05:30
parent f82cf5b7ca
commit 2dea3f4a44
4 changed files with 0 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
http/cves/2022/CVE-2022-31101.yaml
View File

@ -1,53 +0,0 @@
id: CVE-2022-31101
info:
name: Prestashop Blockwishlist 2.1.0 SQL Injection
author: mastercho
severity: High
description: |
Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31101
- https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp
- https://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2022-31101
cwe-id: CWE-89
tags: cve,cve2022,prestashop,prestashop-module,sqli
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/modules/blockwishlist/config.xml"
extractors:
- type: regex
name: version
internal: true
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
- type: regex
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "Wishlist block"
condition: and
- type: dsl
dsl:
- compare_versions(version, '<= 2.1.0')

47
http/cves/2023/CVE-2023-29629.yaml
View File

@ -1,47 +0,0 @@
id: CVE-2023-29629
info:
name: Prestashop jmsthemelayout 2.5.5 SQL Injection
author: mastercho
severity: Critical
description: |
The module Jms Theme Layout (jmsthemelayout) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29629
- https://security.friendsofpresta.org/modules/2023/03/13/jmsthemelayout.html
- https://www.tenable.com/cve/CVE-2023-29629
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-29629
cwe-id: CWE-89
tags: cve,cve2023,prestashop,prestashop-module,sqli
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/modules/jmsthemelayout/config.xml"
extractors:
- type: regex
name: version
internal: true
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
- type: regex
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
matchers-condition: and
matchers:
- type: status
status:
- 200
condition: and
- type: dsl
dsl:
- compare_versions(version, '<= 2.5.5')

53
http/cves/2023/CVE-2023-29630.yaml
View File

@ -1,53 +0,0 @@
id: CVE-2023-29630
info:
name: PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php
author: mastercho
severity: Critical
description: |
The module Jms Vertical MegaMenu (jmsvermegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29630
- https://security.friendsofpresta.org/modules/2023/03/13/jmsvermegamenu.html
- https://www.tenable.com/cve/CVE-2023-29630
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-30150
cwe-id: CWE-89
tags: cve,cve2023,prestashop,prestashop-module,sqli
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/modules/jmsmegamenu/config.xml"
extractors:
- type: regex
name: version
internal: true
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
- type: regex
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
matchers-condition: and
matchers:
- type: status
status:
- 200
condition: and
- type: word
part: body
words:
- "Jms MegaMenu"
condition: and
- type: dsl
dsl:
- compare_versions(version, '> 1.1.1', '< 2.0.9')

47
http/cves/2023/CVE-2023-29632.yaml
View File

@ -1,47 +0,0 @@
id: CVE-2023-29632
info:
name: PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php
author: mastercho
severity: Critical
description: |
The module Jms Page Builder (jmspagebuilder) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29632
- https://security.friendsofpresta.org/modules/2023/03/13/jmspagebuilder.html
- https://www.tenable.com/cve/CVE-2023-29632
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-29632
cwe-id: CWE-89
tags: cve,cve2023,prestashop,prestashop-module,sqli
metadata:
max-request: 1
http:
- method: GET
path:
- "{{BaseURL}}/modules/jmspagebuilder/config.xml"
extractors:
- type: regex
name: version
internal: true
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
- type: regex
group: 1
regex:
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
matchers-condition: and
matchers:
- type: status
status:
- 200
condition: and
- type: dsl
dsl:
- compare_versions(version, '<= 4.0')