remove version detection templates
parent
f82cf5b7ca
commit
2dea3f4a44
|
@ -1,53 +0,0 @@
|
|||
id: CVE-2022-31101
|
||||
|
||||
info:
|
||||
name: Prestashop Blockwishlist 2.1.0 SQL Injection
|
||||
author: mastercho
|
||||
severity: High
|
||||
description: |
|
||||
Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulnerability.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31101
|
||||
- https://github.com/PrestaShop/blockwishlist/security/advisories/GHSA-2jx3-5j9v-prpp
|
||||
- https://packetstormsecurity.com/files/168003/Prestashop-Blockwishlist-2.1.0-SQL-Injection.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2022-31101
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2022,prestashop,prestashop-module,sqli
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/modules/blockwishlist/config.xml"
|
||||
extractors:
|
||||
- type: regex
|
||||
name: version
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
- type: regex
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Wishlist block"
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '<= 2.1.0')
|
|
@ -1,47 +0,0 @@
|
|||
id: CVE-2023-29629
|
||||
|
||||
info:
|
||||
name: Prestashop jmsthemelayout 2.5.5 SQL Injection
|
||||
author: mastercho
|
||||
severity: Critical
|
||||
description: |
|
||||
The module Jms Theme Layout (jmsthemelayout) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29629
|
||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmsthemelayout.html
|
||||
- https://www.tenable.com/cve/CVE-2023-29629
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-29629
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/modules/jmsthemelayout/config.xml"
|
||||
extractors:
|
||||
- type: regex
|
||||
name: version
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
- type: regex
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
condition: and
|
||||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '<= 2.5.5')
|
|
@ -1,53 +0,0 @@
|
|||
id: CVE-2023-29630
|
||||
|
||||
info:
|
||||
name: PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php
|
||||
author: mastercho
|
||||
severity: Critical
|
||||
description: |
|
||||
The module Jms Vertical MegaMenu (jmsvermegamenu) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29630
|
||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmsvermegamenu.html
|
||||
- https://www.tenable.com/cve/CVE-2023-29630
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-30150
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/modules/jmsmegamenu/config.xml"
|
||||
extractors:
|
||||
- type: regex
|
||||
name: version
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
- type: regex
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
condition: and
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "Jms MegaMenu"
|
||||
condition: and
|
||||
|
||||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '> 1.1.1', '< 2.0.9')
|
|
@ -1,47 +0,0 @@
|
|||
id: CVE-2023-29632
|
||||
|
||||
info:
|
||||
name: PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php
|
||||
author: mastercho
|
||||
severity: Critical
|
||||
description: |
|
||||
The module Jms Page Builder (jmspagebuilder) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joo masters PrestaShop themes
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29632
|
||||
- https://security.friendsofpresta.org/modules/2023/03/13/jmspagebuilder.html
|
||||
- https://www.tenable.com/cve/CVE-2023-29632
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-29632
|
||||
cwe-id: CWE-89
|
||||
tags: cve,cve2023,prestashop,prestashop-module,sqli
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/modules/jmspagebuilder/config.xml"
|
||||
extractors:
|
||||
- type: regex
|
||||
name: version
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
- type: regex
|
||||
group: 1
|
||||
regex:
|
||||
- "<version>\\s*<!\\[CDATA\\[(.*?)\\]\\]>\\s*<\\/version>"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
condition: and
|
||||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '<= 4.0')
|