daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Auto Generated CVE annotations [Sat Jul 30 08:43:08 UTC 2022] 🤖

patch-1
GitHub Action 2022-07-30 08:43:08 +00:00
parent 220c5f1ecd
commit 2ec4873688
2 changed files with 20 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cves/2020/CVE-2020-11455.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2020-11455
info:
name: LimeSurvey 4.1.11 - Local File Inclusion
author: daffainfo
severity: medium
severity: critical
description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
reference:
- https://www.exploit-db.com/exploits/48297
@ -12,8 +12,8 @@ info:
- http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-11455
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-11455
cwe-id: CWE-22
tags: cve,cve2020,lfi

30
cves/2022/CVE-2022-0594.yaml
View File

@ -1,17 +1,21 @@
id: CVE-2022-0594
info:
name: Shareaholic < 9.7.6 - Information Disclosure
author: atomiczsec
severity: low
description: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
reference:
- https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
- https://wordpress.org/plugins/shareaholic/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0594
metadata:
verified: true
tags: cve,cve2022,wordpress,wp,wp-plugin,exposure
info:
name: Shareaholic < 9.7.6 - Information Disclosure
author: atomiczsec
severity: medium
description: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
reference:
- https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1
- https://wordpress.org/plugins/shareaholic/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0594
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2022-0594
cwe-id: CWE-863
metadata:
verified: "true"
tags: cve,cve2022,wordpress,wp,wp-plugin,exposure
requests:
- method: GET
path: