Merge pull request #1606 from nrathaus/master

Description / Spelling
patch-1
Prince Chaddha 2021-06-02 13:10:50 +05:30 committed by GitHub
commit 3202a0dd65
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions


@ -3,7 +3,7 @@ id: CVE-2020-36112
info:
name: CSE Bookstore 1.0 SQL Injection
author: geeknik
description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successfull exploitation of this vulnerability will lead to an attacker dumping the entire database.
description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.
reference: |
- https://www.exploit-db.com/exploits/49314
- https://www.tenable.com/cve/CVE-2020-36112
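
Review bot: The corrected description line still carries awkward wording besides the fixed typo: "A successful exploitation of this vulnerability will lead to an attacker dumping the entire database" and the capitalised "OR" in "OR error-based SQL injection". Since the line is being touched anyway, consider "Successful exploitation allows an attacker to dump the entire database", and either lowercase "OR" or make clear that it names the OR-based injection technique. Separately, `reference: |` followed by `- https://...` entries is a block scalar, so the two URLs are parsed as a single string rather than a YAML list; confirm that is the intended form for this field.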


@ -5,6 +5,7 @@ info:
author: dhiyaneshDk
severity: medium
tags: kafdrop,xss
description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or Javascript into the response returned by the server.
reference: https://github.com/HomeAdvisor/Kafdrop/issues/12
requests:
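
Review bot: In the added description line, "Javascript" should be spelled "JavaScript", and "HTML and/or Javascript" can be simplified to "HTML or JavaScript". The text also does not say which request parameter or page reflects the input, so a reader has to follow the linked issue to learn where the injection occurs; naming it in the description would make the finding easier to triage. The field placement differs from the other file in this commit, where `description` follows `author` directly; here it sits after `tags`, so pick one order and apply it to both templates.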