From 404762182d7ca4225c3d8534426eb0f91a90e769 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Fri, 13 May 2022 13:14:07 -0400 Subject: [PATCH] Enhancement: cves/2018/CVE-2018-9161.yaml by mp --- cves/2018/CVE-2018-9161.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cves/2018/CVE-2018-9161.yaml b/cves/2018/CVE-2018-9161.yaml index 2d6099ae02..d07f2b5e66 100644 --- a/cves/2018/CVE-2018-9161.yaml +++ b/cves/2018/CVE-2018-9161.yaml @@ -4,8 +4,7 @@ info: name: PrismaWEB - Credentials Disclosure author: gy741 severity: critical - description: The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be - disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. + description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php - https://nvd.nist.gov/vuln/detail/CVE-2018-9161 @@ -33,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/13
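Review bot: In the first hunk (`@@ -4,8 +4,7 @@`, the `description` field), the added opening sentence "PrismaWEB is susceptible to credential disclosure." says the same thing as the sentence that follows it ("The vulnerability exists due to the disclosure of hard-coded credentials ..."), so the description now states the issue twice. Suggest merging the two into one sentence, for example "PrismaWEB discloses hard-coded credentials, allowing an attacker to bypass authentication with administrator privileges." The change also joins the value onto a single very long line; a folded block scalar (`description: >-`) would keep the lines short without changing the value. The carried-over wording "that are being used via the Login() function in /scripts/functions_cookie.js script" could be tightened while the field is being touched.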
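Review bot: In the second hunk (`@@ -33,3 +32,5 @@`, end of file), the appended "# Enhanced by mp on 2022/05/13" comment repeats what the commit itself already records (subject "Enhancement: cves/2018/CVE-2018-9161.yaml by mp", dated 13 May 2022) and, together with its blank line, accounts for two of the three insertions. Because it is a YAML comment rather than a field under `info:`, anything that reads the parsed template will not see it. Suggest dropping the comment and relying on git history, or recording the attribution in a field under `info:` if it has to travel with the file.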