Auto Generated cves.json [Fri Feb 17 11:59:44 UTC 2023] 🤖

patch-1
GitHub Action 2023-02-17 11:59:44 +00:00
parent b222a91b41
commit 33cc6e0eef
1 changed files with 2 additions and 1 deletions


@ -538,6 +538,7 @@
{"ID":"CVE-2018-5316","Info":{"Name":"WordPress SagePay Server Gateway for WooCommerce \u003c1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress SagePay Server Gateway for WooCommerce before 1.0.9 is vulnerable to cross-site scripting via the includes/pages/redirect.php page parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-5316.yaml"}
{"ID":"CVE-2018-5715","Info":{"Name":"SugarCRM 3.5.1 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string (aka a $key variable).","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-5715.yaml"}
{"ID":"CVE-2018-6008","Info":{"Name":"Joomla! Jtag Members Directory 5.3.7 - Local File Inclusion","Severity":"high","Description":"Joomla! Jtag Members Directory 5.3.7 is vulnerable to local file inclusion via the download_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6008.yaml"}
{"ID":"CVE-2018-6184","Info":{"Name":"ZEIT Next.js Framework Path Traversal","Severity":"high","Description":"ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6184.yaml"}
{"ID":"CVE-2018-6200","Info":{"Name":"vBulletin - Open Redirect","Severity":"medium","Description":"vBulletin 3.x.x and 4.2.x through 4.2.5 contains an open redirect vulnerability via the redirector.php URL parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2018/CVE-2018-6200.yaml"}
{"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2018/CVE-2018-6910.yaml"}
{"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2018/CVE-2018-7251.yaml"}
@ -1420,7 +1421,7 @@
{"ID":"CVE-2022-2488","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlist_sync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-2488.yaml"}
{"ID":"CVE-2022-24899","Info":{"Name":"Contao \u003c4.13.3 - Cross-Site Scripting","Severity":"medium","Description":"Contao prior to 4.13.3 contains a cross-site scripting vulnerability. It is possible to inject arbitrary JavaScript code into the canonical tag.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-24899.yaml"}
{"ID":"CVE-2022-24900","Info":{"Name":"Piano LED Visualizer 1.3 - Local File Inclusion","Severity":"high","Description":"Piano LED Visualizer 1.3 and prior are vulnerable to local file inclusion.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"cves/2022/CVE-2022-24900.yaml"}
{"ID":"CVE-2022-24990","Info":{"Name":"TerraMaster TOS \u003c 4.2.30 Server Information Disclosure","Severity":"medium","Description":"TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2022/CVE-2022-24990.yaml"}
{"ID":"CVE-2022-24990","Info":{"Name":"TerraMaster TOS \u003c 4.2.30 Server Information Disclosure","Severity":"high","Description":"TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-24990.yaml"}
{"ID":"CVE-2022-25082","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2022/CVE-2022-25082.yaml"}
{"ID":"CVE-2022-25216","Info":{"Name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","Severity":"high","Description":"DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2022/CVE-2022-25216.yaml"}
{"ID":"CVE-2022-25323","Info":{"Name":"ZEROF Web Server 2.0 - Cross-Site Scripting","Severity":"medium","Description":"ZEROF Web Server 2.0 allows /admin.back cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2022/CVE-2022-25323.yaml"}