From 39202e8d5889c748644a3996f286d3470d1ab439 Mon Sep 17 00:00:00 2001
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com>
Date: Tue, 28 Mar 2023 15:58:06 -0400
Subject: [PATCH] Enhancement: cves/2022/CVE-2022-31854.yaml by md
---
 cves/2022/CVE-2022-31854.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/cves/2022/CVE-2022-31854.yaml b/cves/2022/CVE-2022-31854.yaml
index ad1c4047d8..bab96cda5c 100644
--- a/cves/2022/CVE-2022-31854.yaml
+++ b/cves/2022/CVE-2022-31854.yaml
@@ -1,16 +1,16 @@
 id: CVE-2022-31854
 info:
- name: CodoForum v5.1 - Remote Code Execution
+ name: Codoforum 5.1 - Arbitrary File Upload
 author: theamanrawat
 severity: high
 description: |
- Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
+ Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code, As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
 reference:
 - https://bitbucket.org/evnix/codoforum_downloads/downloads/codoforum.v.5.1.zip
- - https://nvd.nist.gov/vuln/detail/CVE-2022-31854
 - https://codoforum.com
 - https://vikaran101.medium.com/codoforum-v5-1-authenticated-rce-my-first-cve-f49e19b8bc
+ - https://nvd.nist.gov/vuln/detail/CVE-2022-31854
 classification:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 7.2
@@ -49,7 +49,6 @@ requests:
 ------WebKitFormBoundaryoLtdjuqj2ixPvBhA
 Content-Disposition: form-data; name="site_title"
-
 ------WebKitFormBoundaryoLtdjuqj2ixPvBhA
 Content-Disposition: form-data; name="forum_logo"; filename="{{randstr}}.php"
 Content-Type: application/x-httpd-php 
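Review bot: The rewritten description in the `+` line of the first hunk joins two sentences with a comma — `execute file content as code, As a result, an attacker …` — and should read `execute file content as code. As a result, an attacker …`. The new title also drops the precondition that both the medium.com reference slug ("authenticated-rce") and the vector's `PR:H` record: the upload is only reachable through the admin panel, so `Codoforum 5.1 - Authenticated Arbitrary File Upload`, or a description sentence stating that the attacker must already hold an administrator session, would keep name, description and classification consistent with each other. The `classification` block continues past the end of the hunk, so its remaining fields are not visible here.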
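Review bot: The second hunk (`@@ -49,7 +49,6 @@`) deletes a line from inside the raw multipart request body, between the `site_title` part's `Content-Disposition` header and the next `------WebKitFormBoundaryoLtdjuqj2ixPvBhA` delimiter, and nothing in the commit message indicates this was intended rather than an automatic blank-line cleanup. In multipart/form-data an empty part still needs the CRLF that terminates its headers plus the CRLF that precedes the next boundary, so the original pair of blank lines looks deliberate and the single remaining one may leave the `site_title` part malformed for strict parsers. The removed line's content cannot be recovered from this collapsed view (it may have been whitespace-only), so it should be restored unless the template has been re-run and confirmed to still match. The enclosing request block starts and ends outside the hunk.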
@@ -85,3 +84,5 @@ requests:
 regex:
 - 'name="CSRF_token" value="([0-9a-zA-Z]+)"/>'
 internal: true
+
+# Enhanced by md on 2023/03/28