Enhancement: cves/2022/CVE-2022-31854.yaml by md

cves/2022/CVE-2022-31854.yaml

@@ -1,16 +1,16 @@
 id: CVE-2022-31854
 
 info:
-  name: CodoForum v5.1 - Remote Code Execution
+  name: Codoforum 5.1 - Arbitrary File Upload
   author: theamanrawat
   severity: high
   description: |
-    Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
+    Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
   reference:
     - https://bitbucket.org/evnix/codoforum_downloads/downloads/codoforum.v.5.1.zip
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-31854
     - https://codoforum.com
     - https://vikaran101.medium.com/codoforum-v5-1-authenticated-rce-my-first-cve-f49e19b8bc
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-31854
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 7.2
@@ -49,7 +49,6 @@ requests:
         ------WebKitFormBoundaryoLtdjuqj2ixPvBhA
         Content-Disposition: form-data; name="site_title"
 
-
         ------WebKitFormBoundaryoLtdjuqj2ixPvBhA
         Content-Disposition: form-data; name="forum_logo"; filename="{{randstr}}.php"
         Content-Type:  application/x-httpd-php
@@ -85,3 +84,5 @@ requests:
         regex:
           - 'name="CSRF_token" value="([0-9a-zA-Z]+)"/>'
         internal: true
+
+# Enhanced by md on 2023/03/28