diff --git a/cves/2020/CVE-2020-11455.yaml b/cves/2020/CVE-2020-11455.yaml index 2c352ad8f1..5f8cd7fa18 100644 --- a/cves/2020/CVE-2020-11455.yaml +++ b/cves/2020/CVE-2020-11455.yaml @@ -3,7 +3,7 @@ id: CVE-2020-11455 info: name: LimeSurvey 4.1.11 - Local File Inclusion author: daffainfo - severity: medium + severity: critical description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php. reference: - https://www.exploit-db.com/exploits/48297 @@ -12,8 +12,8 @@ info: - http://packetstormsecurity.com/files/157112/LimeSurvey-4.1.11-Path-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2020-11455 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2020-11455 cwe-id: CWE-22 tags: cve,cve2020,lfi diff --git a/cves/2022/CVE-2022-0594.yaml b/cves/2022/CVE-2022-0594.yaml index 067283356c..3baf8694e3 100644 --- a/cves/2022/CVE-2022-0594.yaml +++ b/cves/2022/CVE-2022-0594.yaml @@ -1,17 +1,21 @@ id: CVE-2022-0594 -info: - name: Shareaholic < 9.7.6 - Information Disclosure - author: atomiczsec - severity: low - description: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. - reference: - - https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1 - - https://wordpress.org/plugins/shareaholic/ - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0594 - metadata: - verified: true - tags: cve,cve2022,wordpress,wp,wp-plugin,exposure - +info: + name: Shareaholic < 9.7.6 - Information Disclosure + author: atomiczsec + severity: medium + description: The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. + reference: + - https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-b027466d29b1 + - https://wordpress.org/plugins/shareaholic/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0594 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2022-0594 + cwe-id: CWE-863 + metadata: + verified: "true" + tags: cve,cve2022,wordpress,wp,wp-plugin,exposure requests: - method: GET path: