remove version detection templates
parent
f82cf5b7ca
commit
2dea3f4a44
|
@ -1,53 +0,0 @@
|
||||||
id: CVE-2022-31101
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Prestashop Blockwishlist 2.1.0 SQL Injection
|
|
||||||
author: mastercho
|
|
||||||
severity: High
|
|
||||||
description: |
|
|
||||||
Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability.
|
|
||||||
reference:
|
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31101
|
|
||||||
- https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp
|
|
||||||
- https://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
|
||||||
cvss-score: 8.8
|
|
||||||
cve-id: CVE-2022-31101
|
|
||||||
cwe-id: CWE-89
|
|
||||||
tags: cve,cve2022,prestashop,prestashop-module,sqli
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
|
|
||||||
http:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}/modules/blockwishlist/config.xml"
|
|
||||||
extractors:
|
|
||||||
- type: regex
|
|
||||||
name: version
|
|
||||||
internal: true
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
- type: regex
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
|
|
||||||
- type: word
|
|
||||||
part: body
|
|
||||||
words:
|
|
||||||
- "Wishlist block"
|
|
||||||
condition: and
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- compare_versions(version, '<= 2.1.0')
|
|
|
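Review bot: the commit message gives no reason for the removal and does not say whether anything replaces this file, which was the CVE-2022-31101 check. The deleted template made a single GET to `/modules/blockwishlist/config.xml` and decided on `compare_versions(version, '<= 2.1.0')` alone, so it reported by version string rather than by confirming the injection; if that is the reason for dropping it, state it in the commit message so users know the CVE is no longer covered. The two regex extractors were also identical apart from `name: version` and `internal: true`; a replacement needs the second one only if the version is meant to appear in the output.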
@ -1,47 +0,0 @@
|
||||||
id: CVE-2023-29629
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: Prestashop jmsthemelayout 2.5.5 SQL Injection
|
|
||||||
author: mastercho
|
|
||||||
severity: Critical
|
|
||||||
description: |
|
|
||||||
The module Jms Theme Layout (jmsthemelayout) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes.
|
|
||||||
reference:
|
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29629
|
|
||||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmsthemelayout.html
|
|
||||||
- https://www.tenable.com/cve/CVE-2023-29629
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
||||||
cvss-score: 9.8
|
|
||||||
cve-id: CVE-2023-29629
|
|
||||||
cwe-id: CWE-89
|
|
||||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
|
|
||||||
http:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}/modules/jmsthemelayout/config.xml"
|
|
||||||
extractors:
|
|
||||||
- type: regex
|
|
||||||
name: version
|
|
||||||
internal: true
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
- type: regex
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
condition: and
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- compare_versions(version, '<= 2.5.5')
|
|
|
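Review bot: the matcher list in this file had no body check, only `status: 200` and `compare_versions(version, '<= 2.5.5')`, whereas the blockwishlist template in the same commit also required the words `Wishlist block`. Any 200 response at `/modules/jmsthemelayout/config.xml` carrying a `<version>` CDATA value at or below 2.5.5 would have matched. The `condition: and` after `- 200` also has nothing to combine with a single status value. If the template is rewritten rather than dropped for good, add a word matcher on the module name and remove the stray `condition`.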
@ -1,53 +0,0 @@
|
||||||
id: CVE-2023-29630
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php
|
|
||||||
author: mastercho
|
|
||||||
severity: Critical
|
|
||||||
description: |
|
|
||||||
The module Jms Vertical MegaMenu (jmsvermegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
|
|
||||||
reference:
|
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29630
|
|
||||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmsvermegamenu.html
|
|
||||||
- https://www.tenable.com/cve/CVE-2023-29630
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
||||||
cvss-score: 9.8
|
|
||||||
cve-id: CVE-2023-30150
|
|
||||||
cwe-id: CWE-89
|
|
||||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
|
|
||||||
http:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}/modules/jmsmegamenu/config.xml"
|
|
||||||
extractors:
|
|
||||||
- type: regex
|
|
||||||
name: version
|
|
||||||
internal: true
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
- type: regex
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
condition: and
|
|
||||||
- type: word
|
|
||||||
part: body
|
|
||||||
words:
|
|
||||||
- "Jms MegaMenu"
|
|
||||||
condition: and
|
|
||||||
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- compare_versions(version, '> 1.1.1', '< 2.0.9')
|
|
|
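Review bot: the metadata in this file disagrees with itself, and that deserves a line in the commit message as a reason for removal. `id:` and the references say CVE-2023-29630 while `cve-id:` says CVE-2023-30150. The name and request path target `jmsmegamenu` while the description and the friendsofpresta reference are for `jmsvermegamenu`. The name claims "1.1.x and 2.0.x" while the check is `compare_versions(version, '> 1.1.1', '< 2.0.9')`, which excludes 1.1.1 and below and 2.0.9. Any replacement should pick one module and one CVE and take the affected range from the advisory.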
@ -1,47 +0,0 @@
|
||||||
id: CVE-2023-29632
|
|
||||||
|
|
||||||
info:
|
|
||||||
name: PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php
|
|
||||||
author: mastercho
|
|
||||||
severity: Critical
|
|
||||||
description: |
|
|
||||||
The module Jms Page Builder (jmspagebuilder) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
|
|
||||||
reference:
|
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29632
|
|
||||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmspagebuilder.html
|
|
||||||
- https://www.tenable.com/cve/CVE-2023-29632
|
|
||||||
classification:
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
||||||
cvss-score: 9.8
|
|
||||||
cve-id: CVE-2023-29632
|
|
||||||
cwe-id: CWE-89
|
|
||||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
|
||||||
metadata:
|
|
||||||
max-request: 1
|
|
||||||
|
|
||||||
http:
|
|
||||||
- method: GET
|
|
||||||
path:
|
|
||||||
- "{{BaseURL}}/modules/jmspagebuilder/config.xml"
|
|
||||||
extractors:
|
|
||||||
- type: regex
|
|
||||||
name: version
|
|
||||||
internal: true
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
- type: regex
|
|
||||||
group: 1
|
|
||||||
regex:
|
|
||||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
|
||||||
|
|
||||||
matchers-condition: and
|
|
||||||
matchers:
|
|
||||||
- type: status
|
|
||||||
status:
|
|
||||||
- 200
|
|
||||||
condition: and
|
|
||||||
- type: dsl
|
|
||||||
dsl:
|
|
||||||
- compare_versions(version, '<= 4.0')
|
|
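Review bot: the version bound in this file does not match its own title: the name says "jmspagebuilder 3.x" but the DSL matcher is `compare_versions(version, '<= 4.0')`, which also covers 4.0 and every release before 3.x. As with the jmsthemelayout file, there is no word matcher on the body, so `status: 200` plus a parsable `<version>` value was enough to report a critical finding. If this CVE is to be covered again, take the affected range from the referenced advisory and add a body check for the module name.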