Merge branch 'main' into princechaddha-patch-2

2023-05-11 14:04:17 +05:30 · 2023-05-11 14:04:17 +05:30 · 355d9ff724
parent 59ac982c42 66182f201f
commit 355d9ff724
5724 changed files with 20957 additions and 6017 deletions
--- a/.github/workflows/cve2json.yml
+++ b/.github/workflows/cve2json.yml
@ -23,7 +23,7 @@ jobs:
        run: |
           go env -w GO111MODULE=off
           go get gopkg.in/yaml.v3
-           go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/cves/ cves.json
+           go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json
           md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt
          
      - name: Commit files
--- a/.new-additions
+++ b/.new-additions
@ -1,15 +1,52 @@
+file/keys/postman-api-key.yaml
+headless/technologies/sap-spartacus.yaml
+http/cves/2017/CVE-2017-17731.yaml
 http/cves/2020/CVE-2020-27481.yaml
+http/cves/2021/CVE-2021-27314.yaml
+http/cves/2021/CVE-2021-27315.yaml
+http/cves/2021/CVE-2021-27316.yaml
+http/cves/2021/CVE-2021-27319.yaml
+http/cves/2021/CVE-2021-27320.yaml
 http/cves/2021/CVE-2021-30175.yaml
 http/cves/2021/CVE-2021-44228.yaml
+http/cves/2022/CVE-2022-24264.yaml
+http/cves/2022/CVE-2022-24265.yaml
+http/cves/2022/CVE-2022-24266.yaml
+http/cves/2022/CVE-2022-24716.yaml
+http/cves/2022/CVE-2022-27984.yaml
+http/cves/2022/CVE-2022-27985.yaml
+http/cves/2022/CVE-2022-3980.yaml
+http/cves/2022/CVE-2022-42095.yaml
+http/cves/2022/CVE-2022-42096.yaml
+http/cves/2022/CVE-2022-4328.yaml
+http/cves/2022/CVE-2022-45037.yaml
+http/cves/2022/CVE-2022-45038.yaml
+http/cves/2022/CVE-2022-46020.yaml
+http/cves/2023/CVE-2023-1020.yaml
 http/cves/2023/CVE-2023-1671.yaml
 http/cves/2023/CVE-2023-20864.yaml
+http/cves/2023/CVE-2023-25135.yaml
+http/cves/2023/CVE-2023-26360.yaml
 http/cves/2023/CVE-2023-27350.yaml
 http/cves/2023/CVE-2023-27524.yaml
 http/cves/2023/CVE-2023-29489.yaml
 http/cves/2023/CVE-2023-29922.yaml
+http/cves/2023/CVE-2023-30210.yaml
+http/cves/2023/CVE-2023-30212.yaml
+http/cves/2023/CVE-2023-31059.yaml
+http/cves/2023/CVE-2023-32235.yaml
 http/default-logins/powerjob-default-login.yaml
+http/default-logins/umami/umami-default-login.yaml
+http/exposed-panels/oracle-opera-login.yaml
 http/exposed-panels/papercut-ng-panel.yaml
 http/exposed-panels/proxmox-panel.yaml
+http/exposed-panels/red-lion-panel.yaml
 http/exposed-panels/sophos-web-appliance.yaml
+http/exposures/tokens/postman/postman-key.yaml
+http/misconfiguration/apache/apache-zeppelin-unauth.yaml
 http/osint/mail-archive.yaml
+http/technologies/wordpress/plugins/gdpr-cookie-compliance.yaml
 http/vulnerabilities/apache/apache-druid-kafka-connect-rce.yaml
+http/vulnerabilities/wordpress/advanced-booking-calendar-sqli.yaml
+http/vulnerabilities/wordpress/wp-autosuggest-sql-injection.yaml
+http/vulnerabilities/wordpress/wpml-xss.yaml
--- a/cves.json
+++ b/cves.json
--- a/cves.json-checksum.txt
+++ b/cves.json-checksum.txt
@ -1 +1 @@
-d41d8cd98f00b204e9800998ecf8427e
+007505eab9adec1b628522c2675730ee
--- a/dns/azure-takeover-detection.yaml
+++ b/dns/azure-takeover-detection.yaml
@ -14,6 +14,8 @@ info:
    cvss-score: 7.2
    cwe-id: CWE-404
  tags: dns,takeover,azure
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/caa-fingerprint.yaml
+++ b/dns/caa-fingerprint.yaml
@ -10,6 +10,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,caa
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/cname-fingerprint.yaml
+++ b/dns/cname-fingerprint.yaml
@ -11,6 +11,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,cname
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/cname-service.yaml
+++ b/dns/cname-service.yaml
@ -10,6 +10,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,service
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/detect-dangling-cname.yaml
+++ b/dns/detect-dangling-cname.yaml
@ -13,6 +13,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,takeover
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/dmarc-detect.yaml
+++ b/dns/dmarc-detect.yaml
@ -14,6 +14,8 @@ info:
    cvss-score: 0.0
    cwe-id: CWE-200
  tags: dns,dmarc
+  metadata:
+    max-request: 1

 dns:
  - name: "_dmarc.{{FQDN}}"
--- a/dns/dns-waf-detect.yaml
+++ b/dns/dns-waf-detect.yaml
@ -8,6 +8,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: tech,waf,dns
+  metadata:
+    max-request: 2

 dns:
  - name: "{{FQDN}}"
--- a/dns/dnssec-detection.yaml
+++ b/dns/dnssec-detection.yaml
@ -11,6 +11,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,dnssec
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/ec2-detection.yaml
+++ b/dns/ec2-detection.yaml
@ -10,6 +10,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,ec2,aws
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/elasticbeantalk-takeover.yaml
+++ b/dns/elasticbeantalk-takeover.yaml
@ -15,6 +15,7 @@ info:
    cvss-score: 7.2
    cwe-id: CWE-404
  metadata:
+    max-request: 1
    comments: |
      Only CNAMEs with region specification are hijackable.
      You need to claim the CNAME in AWS portal (https://aws.amazon.com/) or via AWS CLI to confirm the takeover.
--- a/dns/mx-fingerprint.yaml
+++ b/dns/mx-fingerprint.yaml
@ -11,6 +11,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,mx
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/mx-service-detector.yaml
+++ b/dns/mx-service-detector.yaml
@ -8,6 +8,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,service
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/nameserver-fingerprint.yaml
+++ b/dns/nameserver-fingerprint.yaml
@ -8,6 +8,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,ns
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/ptr-fingerprint.yaml
+++ b/dns/ptr-fingerprint.yaml
@ -8,6 +8,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,ptr
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/servfail-refused-hosts.yaml
+++ b/dns/servfail-refused-hosts.yaml
@ -9,6 +9,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,takeover
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/spoofable-spf-records-ptr.yaml
+++ b/dns/spoofable-spf-records-ptr.yaml
@ -10,6 +10,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,spf
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/txt-fingerprint.yaml
+++ b/dns/txt-fingerprint.yaml
@ -10,6 +10,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,txt
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/dns/worksites-detection.yaml
+++ b/dns/worksites-detection.yaml
@ -10,6 +10,8 @@ info:
  classification:
    cwe-id: CWE-200
  tags: dns,service
+  metadata:
+    max-request: 1

 dns:
  - name: "{{FQDN}}"
--- a/file/keys/postman-api-key.yaml
+++ b/file/keys/postman-api-key.yaml
@ -0,0 +1,22 @@
+id: postman-api-key
+
+info:
+  name: Postman API Key
+  author: DhiyaneshDK
+  severity: info
+  reference:
+    - https://github.com/praetorian-inc/noseyparker/blob/main/crates/noseyparker/data/default/rules/postman.yml
+    - https://learning.postman.com/docs/developer/intro-api/
+  metadata:
+    verified: "true"
+  tags: postman,keys,file,token
+
+file:
+  - extensions:
+      - all
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - '\b(PMAK-[a-zA-Z0-9]{24}-[a-zA-Z0-9]{34})\b'
--- a/headless/technologies/sap-spartacus.yaml
+++ b/headless/technologies/sap-spartacus.yaml
@ -0,0 +1,32 @@
+id: sap-spartacus
+
+info:
+  name: SAP Spartacus detect
+  author: TechbrunchFR
+  severity: info
+  description: Spartacus is a lean, Angular-based JavaScript storefront for SAP Commerce Cloud that communicates exclusively through the Commerce REST API.
+  reference:
+    - https://github.com/SAP/spartacus
+  metadata:
+    verified: true
+  tags: tech,sap,hybris,angular,spartacus,headless
+
+headless:
+  - steps:
+      - action: navigate
+        args:
+          url: "{{BaseURL}}"
+
+      - action: waitload
+
+    matchers-condition: and
+    matchers:
+      - part: body
+        type: word
+        words:
+          - "<cx-storefront"
+
+      - part: body
+        type: word
+        words:
+          - "ng-version="
--- a/helpers/wordpress/plugins/advanced-custom-fields.txt
+++ b/helpers/wordpress/plugins/advanced-custom-fields.txt
@ -1 +1 @@
-6.1.4
+6.1.6
--- a/helpers/wordpress/plugins/all-in-one-wp-migration.txt
+++ b/helpers/wordpress/plugins/all-in-one-wp-migration.txt
@ -1 +1 @@
-7.73
+7.74
--- a/helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt
+++ b/helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt
@ -1 +1 @@
-3.27.1
+3.27.2
--- a/helpers/wordpress/plugins/complianz-gdpr.txt
+++ b/helpers/wordpress/plugins/complianz-gdpr.txt
@ -1 +1 @@
-6.4.3
+6.4.4
--- a/helpers/wordpress/plugins/duplicate-page.txt
+++ b/helpers/wordpress/plugins/duplicate-page.txt
@ -1 +1 @@
-4.5.1
+4.5.2
--- a/helpers/wordpress/plugins/duplicator.txt
+++ b/helpers/wordpress/plugins/duplicator.txt
@ -1 +1 @@
-1.5.3.1
+1.5.4
--- a/helpers/wordpress/plugins/elementor.txt
+++ b/helpers/wordpress/plugins/elementor.txt
@ -1 +1 @@
-3.12.2
+3.13.1
--- a/helpers/wordpress/plugins/elementskit-lite.txt
+++ b/helpers/wordpress/plugins/elementskit-lite.txt
@ -1 +1 @@
-2.8.7
+2.8.8
--- a/helpers/wordpress/plugins/facebook-for-woocommerce.txt
+++ b/helpers/wordpress/plugins/facebook-for-woocommerce.txt
@ -1 +1 @@
-3.0.19
+3.0.23
--- a/helpers/wordpress/plugins/formidable.txt
+++ b/helpers/wordpress/plugins/formidable.txt
@ -1 +1 @@
-6.2.3
+6.3
--- a/helpers/wordpress/plugins/gdpr-cookie-compliance.txt
+++ b/helpers/wordpress/plugins/gdpr-cookie-compliance.txt
@ -0,0 +1 @@
+4.12.2
--- a/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt
+++ b/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt
@ -1 +1 @@
-7.14.2
+7.15.2
--- a/helpers/wordpress/plugins/google-listings-and-ads.txt
+++ b/helpers/wordpress/plugins/google-listings-and-ads.txt
@ -1 +1 @@
-2.4.3
+2.4.5
--- a/helpers/wordpress/plugins/gutenberg.txt
+++ b/helpers/wordpress/plugins/gutenberg.txt
@ -1 +1 @@
-15.6.2
+15.7.1
--- a/helpers/wordpress/plugins/insert-headers-and-footers.txt
+++ b/helpers/wordpress/plugins/insert-headers-and-footers.txt
@ -1 +1 @@
-2.0.10
+2.0.11
--- a/helpers/wordpress/plugins/jetpack.txt
+++ b/helpers/wordpress/plugins/jetpack.txt
@ -1 +1 @@
-12.0
+12.1
--- a/helpers/wordpress/plugins/kadence-blocks.txt
+++ b/helpers/wordpress/plugins/kadence-blocks.txt
@ -1 +1 @@
-3.0.36
+3.0.37
--- a/helpers/wordpress/plugins/limit-login-attempts-reloaded.txt
+++ b/helpers/wordpress/plugins/limit-login-attempts-reloaded.txt
@ -1 +1 @@
-2.25.15
+2.25.16
--- a/helpers/wordpress/plugins/loginpress.txt
+++ b/helpers/wordpress/plugins/loginpress.txt
@ -1 +1 @@
-1.7.0
+1.7.1
--- a/helpers/wordpress/plugins/mailchimp-for-wp.txt
+++ b/helpers/wordpress/plugins/mailchimp-for-wp.txt
@ -1 +1 @@
-4.9.3
+4.9.4
--- a/helpers/wordpress/plugins/mailpoet.txt
+++ b/helpers/wordpress/plugins/mailpoet.txt
@ -1 +1 @@
-4.13.0
+4.15.0
--- a/helpers/wordpress/plugins/mainwp-child.txt
+++ b/helpers/wordpress/plugins/mainwp-child.txt
@ -1 +1 @@
-4.4.1
+4.4.1.1
--- a/helpers/wordpress/plugins/megamenu.txt
+++ b/helpers/wordpress/plugins/megamenu.txt
@ -1 +1 @@
-3.2.1
+3.2.2
--- a/helpers/wordpress/plugins/ml-slider.txt
+++ b/helpers/wordpress/plugins/ml-slider.txt
@ -1 +1 @@
-3.30.0
+3.30.1
--- a/helpers/wordpress/plugins/nextend-facebook-connect.txt
+++ b/helpers/wordpress/plugins/nextend-facebook-connect.txt
@ -1 +1 @@
-3.1.7
+3.1.8
--- a/helpers/wordpress/plugins/nextgen-gallery.txt
+++ b/helpers/wordpress/plugins/nextgen-gallery.txt
@ -1 +1 @@
-3.35
+3.36
--- a/helpers/wordpress/plugins/php-compatibility-checker.txt
+++ b/helpers/wordpress/plugins/php-compatibility-checker.txt
@ -1 +1 @@
-1.6.1
+1.6.2
--- a/helpers/wordpress/plugins/post-smtp.txt
+++ b/helpers/wordpress/plugins/post-smtp.txt
@ -1 +1 @@
-2.4.9
+2.5.1
--- a/helpers/wordpress/plugins/premium-addons-for-elementor.txt
+++ b/helpers/wordpress/plugins/premium-addons-for-elementor.txt
@ -1 +1 @@
-4.9.54
+4.9.55
--- a/helpers/wordpress/plugins/really-simple-ssl.txt
+++ b/helpers/wordpress/plugins/really-simple-ssl.txt
@ -1 +1 @@
-6.2.4
+6.2.5
--- a/helpers/wordpress/plugins/seo-by-rank-math.txt
+++ b/helpers/wordpress/plugins/seo-by-rank-math.txt
@ -1 +1 @@
-1.0.112
+1.0.114
--- a/helpers/wordpress/plugins/sg-security.txt
+++ b/helpers/wordpress/plugins/sg-security.txt
@ -1 +1 @@
-1.4.3
+1.4.5
--- a/helpers/wordpress/plugins/shortpixel-image-optimiser.txt
+++ b/helpers/wordpress/plugins/shortpixel-image-optimiser.txt
@ -1 +1 @@
-5.2.1
+5.2.2
--- a/helpers/wordpress/plugins/siteorigin-panels.txt
+++ b/helpers/wordpress/plugins/siteorigin-panels.txt
@ -1 +1 @@
-2.21.1
+2.22.1
--- a/helpers/wordpress/plugins/so-widgets-bundle.txt
+++ b/helpers/wordpress/plugins/so-widgets-bundle.txt
@ -1 +1 @@
-1.49.1
+1.49.2
--- a/helpers/wordpress/plugins/the-events-calendar.txt
+++ b/helpers/wordpress/plugins/the-events-calendar.txt
@ -1 +1 @@
-6.0.12
+6.0.13
--- a/helpers/wordpress/plugins/translatepress-multilingual.txt
+++ b/helpers/wordpress/plugins/translatepress-multilingual.txt
@ -1 +1 @@
-2.5.1
+2.5.2
--- a/helpers/wordpress/plugins/w3-total-cache.txt
+++ b/helpers/wordpress/plugins/w3-total-cache.txt
@ -1 +1 @@
-2.3.1
+2.3.2
--- a/helpers/wordpress/plugins/widget-importer-exporter.txt
+++ b/helpers/wordpress/plugins/widget-importer-exporter.txt
@ -1 +1 @@
-1.6
+1.6.1
--- a/helpers/wordpress/plugins/woocommerce-gateway-stripe.txt
+++ b/helpers/wordpress/plugins/woocommerce-gateway-stripe.txt
@ -1 +1 @@
-7.3.0
+7.4.0
--- a/helpers/wordpress/plugins/woocommerce-payments.txt
+++ b/helpers/wordpress/plugins/woocommerce-payments.txt
@ -1 +1 @@
-5.8.0
+5.8.1
--- a/helpers/wordpress/plugins/woocommerce.txt
+++ b/helpers/wordpress/plugins/woocommerce.txt
@ -1 +1 @@
-7.6.1
+7.7.0
--- a/helpers/wordpress/plugins/wordpress-seo.txt
+++ b/helpers/wordpress/plugins/wordpress-seo.txt
@ -1 +1 @@
-20.6
+20.7
--- a/helpers/wordpress/plugins/wp-file-manager.txt
+++ b/helpers/wordpress/plugins/wp-file-manager.txt
@ -1 +1 @@
-7.1.8
+7.1.9
--- a/helpers/wordpress/plugins/wp-optimize.txt
+++ b/helpers/wordpress/plugins/wp-optimize.txt
@ -1 +1 @@
-3.2.14
+3.2.15
--- a/helpers/wordpress/plugins/wp-pagenavi.txt
+++ b/helpers/wordpress/plugins/wp-pagenavi.txt
@ -1 +1 @@
-2.94.0
+2.94.1
--- a/helpers/wordpress/plugins/wp-statistics.txt
+++ b/helpers/wordpress/plugins/wp-statistics.txt
@ -1 +1 @@
-14.0.2
+14.1
--- a/helpers/wordpress/plugins/wp-user-avatar.txt
+++ b/helpers/wordpress/plugins/wp-user-avatar.txt
@ -1 +1 @@
-4.10.1
+4.10.2
--- a/helpers/wordpress/plugins/yith-woocommerce-compare.txt
+++ b/helpers/wordpress/plugins/yith-woocommerce-compare.txt
@ -1 +1 @@
-2.25.0
+2.26.0
--- a/http/cnvd/2017/CNVD-2017-03561.yaml
+++ b/http/cnvd/2017/CNVD-2017-03561.yaml
@ -10,6 +10,7 @@ info:
    - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md
    - https://reconshell.com/vulnerability-research-list/
  metadata:
+    max-request: 2
    verified: true
    fofa-query: app="泛微-eMobile"
  tags: cnvd,cnvd2017,emobile,ognl,fanwei
--- a/http/cnvd/2018/CNVD-2018-13393.yaml
+++ b/http/cnvd/2018/CNVD-2018-13393.yaml
@ -12,6 +12,8 @@ info:
    cvss-score: 8.6
    cwe-id: CWE-22
  tags: metinfo,cnvd,cvnd2018,lfi
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2019/CNVD-2019-01348.yaml
+++ b/http/cnvd/2019/CNVD-2019-01348.yaml
@ -13,6 +13,8 @@ info:
    cwe-id: CWE-284
  remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product.
  tags: xiuno,cnvd,cnvd2019
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2019/CNVD-2019-06255.yaml
+++ b/http/cnvd/2019/CNVD-2019-06255.yaml
@ -14,6 +14,8 @@ info:
    cwe-id: CWE-77
  remediation: Upgrade to CatfishCMS version 4.8.54 or later.
  tags: rce,cnvd,catfishcms,cnvd2019
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2019/CNVD-2019-19299.yaml
+++ b/http/cnvd/2019/CNVD-2019-19299.yaml
@ -13,6 +13,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: zhiyuan,cnvd,cnvd2019,rce
+  metadata:
+    max-request: 2

 http:
  - raw:
--- a/http/cnvd/2019/CNVD-2019-32204.yaml
+++ b/http/cnvd/2019/CNVD-2019-32204.yaml
@ -12,6 +12,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: fanwei,cnvd,cnvd2019,rce
+  metadata:
+    max-request: 1

 http:
  - raw:
--- a/http/cnvd/2020/CNVD-2020-23735.yaml
+++ b/http/cnvd/2020/CNVD-2020-23735.yaml
@ -12,6 +12,8 @@ info:
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: xunchi,lfi,cnvd,cnvd2020
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2020/CNVD-2020-26585.yaml
+++ b/http/cnvd/2020/CNVD-2020-26585.yaml
@ -15,6 +15,7 @@ info:
    cvss-score: 9.9
    cwe-id: CWE-434
  metadata:
+    max-request: 2
    verified: true
    fofa-query: app="ShowDoc"
  tags: cnvd,cnvd2020,showdoc,fileupload
--- a/http/cnvd/2020/CNVD-2020-46552.yaml
+++ b/http/cnvd/2020/CNVD-2020-46552.yaml
@ -14,6 +14,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: cnvd,cnvd2020,sangfor,rce
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2020/CNVD-2020-56167.yaml
+++ b/http/cnvd/2020/CNVD-2020-56167.yaml
@ -9,6 +9,8 @@ info:
    - https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167
    - https://securityforeveryone.com/tools/ruijie-smartweb-default-password-scanner
  tags: ruijie,default-login,cnvd,cnvd2020
+  metadata:
+    max-request: 1

 http:
  - method: POST
--- a/http/cnvd/2020/CNVD-2020-62422.yaml
+++ b/http/cnvd/2020/CNVD-2020-62422.yaml
@ -8,6 +8,8 @@ info:
  reference:
    - https://blog.csdn.net/m0_46257936/article/details/113150699
  tags: lfi,cnvd,cnvd2020,seeyon
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2020/CNVD-2020-67113.yaml
+++ b/http/cnvd/2020/CNVD-2020-67113.yaml
@ -12,6 +12,7 @@ info:
    cvss-score: 5.3
    cwe-id: CWE-425
  metadata:
+    max-request: 2
    verified: true
    shodan-query: http.title:"H5S CONSOLE"
  tags: cnvd,cnvd2020,h5s,unauth,h5sconsole
--- a/http/cnvd/2020/CNVD-2020-68596.yaml
+++ b/http/cnvd/2020/CNVD-2020-68596.yaml
@ -12,6 +12,8 @@ info:
    cvss-score: 8.6
    cwe-id: CWE-22
  tags: weiphp,lfi,cnvd,cnvd2020
+  metadata:
+    max-request: 3

 http:
  - raw:
--- a/http/cnvd/2021/CNVD-2021-01931.yaml
+++ b/http/cnvd/2021/CNVD-2021-01931.yaml
@ -12,6 +12,8 @@ info:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
    cwe-id: CWE-22
+  metadata:
+    max-request: 2

 http:
  - method: GET
--- a/http/cnvd/2021/CNVD-2021-09650.yaml
+++ b/http/cnvd/2021/CNVD-2021-09650.yaml
@ -14,6 +14,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: ruijie,cnvd,cnvd2021,rce
+  metadata:
+    max-request: 1

 http:
  - raw:
--- a/http/cnvd/2021/CNVD-2021-10543.yaml
+++ b/http/cnvd/2021/CNVD-2021-10543.yaml
@ -12,6 +12,8 @@ info:
    cvss-score: 7.5
    cwe-id: CWE-200
  tags: config,exposure,cnvd,cnvd2021
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2021/CNVD-2021-14536.yaml
+++ b/http/cnvd/2021/CNVD-2021-14536.yaml
@ -12,6 +12,7 @@ info:
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
+    max-request: 1
    fofa-query: title="RG-UAC登录页面"
  tags: ruijie,cnvd,cnvd2021,disclosure

--- a/http/cnvd/2021/CNVD-2021-15822.yaml
+++ b/http/cnvd/2021/CNVD-2021-15822.yaml
@ -7,6 +7,7 @@ info:
  reference:
    - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
  metadata:
+    max-request: 1
    verified: true
    shodan-query: title:"ShopXO企业级B2C电商系统提供商"
    fofa-query: app="ShopXO企业级B2C电商系统提供商"
--- a/http/cnvd/2021/CNVD-2021-15824.yaml
+++ b/http/cnvd/2021/CNVD-2021-15824.yaml
@ -14,6 +14,8 @@ info:
    cvss-score: 7.2
    cwe-id: CWE-79
  tags: empirecms,cnvd,cnvd2021,xss,domxss
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2021/CNVD-2021-17369.yaml
+++ b/http/cnvd/2021/CNVD-2021-17369.yaml
@ -12,6 +12,8 @@ info:
    cvss-score: 8.3
    cwe-id: CWE-522
  tags: ruijie,disclosure,cnvd,cnvd2021
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/http/cnvd/2021/CNVD-2021-26422.yaml
+++ b/http/cnvd/2021/CNVD-2021-26422.yaml
@ -13,6 +13,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: eyoumail,rce,cnvd,cnvd2021
+  metadata:
+    max-request: 1

 http:
  - raw:
--- a/http/cnvd/2021/CNVD-2021-28277.yaml
+++ b/http/cnvd/2021/CNVD-2021-28277.yaml
@ -9,6 +9,7 @@ info:
    - https://www.aisoutu.com/a/1432457
    - https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
  metadata:
+    max-request: 2
    fofa-query: app="Landray OA system"
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
--- a/http/cnvd/2021/CNVD-2021-30167.yaml
+++ b/http/cnvd/2021/CNVD-2021-30167.yaml
@ -14,6 +14,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: cnvd,cnvd2021,beanshell,rce,yonyou
+  metadata:
+    max-request: 2

 http:
  - raw:
--- a/http/cnvd/2021/CNVD-2021-49104.yaml
+++ b/http/cnvd/2021/CNVD-2021-49104.yaml
@ -14,6 +14,8 @@ info:
    cwe-id: CWE-434
  remediation: Pan Wei has released an update to resolve this vulnerability.
  tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive
+  metadata:
+    max-request: 2

 http:
  - raw:
--- a/http/cnvd/2022/CNVD-2022-03672.yaml
+++ b/http/cnvd/2022/CNVD-2022-03672.yaml
@ -15,6 +15,8 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-77
  tags: cnvd,cnvd2020,sunflower,rce
+  metadata:
+    max-request: 2

 http:
  - raw:
--- a/http/cnvd/2022/CNVD-2022-42853.yaml
+++ b/http/cnvd/2022/CNVD-2022-42853.yaml
@ -14,6 +14,7 @@ info:
    cvss-score: 10.0
    cwe-id: CWE-89
  metadata:
+    max-request: 1
    verified: true
    shodan-query: http.title:"zentao"
    fofa-query: "Zentao"
--- a/http/cves/2000/CVE-2000-0114.yaml
+++ b/http/cves/2000/CVE-2000-0114.yaml
@ -15,6 +15,8 @@ info:
    cvss-score: 5.0
  remediation: Upgrade to the latest version.
  tags: cve,cve2000,frontpage,microsoft,edb
+  metadata:
+    max-request: 1

 http:
  - method: GET
--- a/Show More
+++ b/Show More
 @ -1 +1 @@
 .1.4
 .1.6
 @ -1 +1 @@
 .73
 .74
 @ -1 +1 @@
 .27.1
 .27.2
 @ -1 +1 @@
 .4.3
 .4.4
 @ -1 +1 @@
 .5.1
 .5.2
 @ -1 +1 @@
 .5.3.1
 .5.4
 @ -1 +1 @@
 .12.2
 .13.1
 @ -1 +1 @@
 .8.7
 .8.8
 @ -1 +1 @@
 .0.19
 .0.23
 @ -1 +1 @@
 .2.3
 .3