Merge pull request #4630 from MostInterestingBotInTheWorld/dashboard

Content Enhancements
patch-1
Prince Chaddha 2022-06-22 09:07:35 +05:30 committed by GitHub
commit 6baa590c20
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 28 additions and 6 deletions

@ -1,7 +1,7 @@
id: CVE-2020-22208
info:
name: 74cms - Sql Injection
name: 74cms - ajax_street.php 'x' SQL Injection
author: ritikchaddha
severity: critical
description: |
@ -30,3 +30,5 @@ requests:
part: body
words:
- '{{md5("{{randstr}}")}}'
# Enhanced by cs on 2022/06/21
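Review bot: the trailing `# Enhanced by cs on 2022/06/21` comment appended after the matcher uses a different date format from the `# Enhanced by cs 06/21/2022` comment added to other templates in this same commit. Pick one format (ISO 8601, 2022-06-21, is unambiguous) and spell out who "cs" is, or drop the comment and let the commit history carry the attribution.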

@ -1,7 +1,7 @@
id: CVE-2020-22209
info:
name: 74cms - Sql Injection
name: 74cms - ajax_common.php SQL Injection
author: ritikchaddha
severity: critical
description: |
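Review bot: the new name `74cms - ajax_common.php SQL Injection` identifies the script but not the injectable parameter, whereas the two ajax_street.php templates in this commit are told apart by 'x' and 'key'. Add the affected parameter here (and in the ajax_officebuilding.php template) so all four 74cms names follow one pattern.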
@ -29,3 +29,5 @@ requests:
part: body
words:
- '{{md5("{{randstr}}")}}'
# Enhanced by cs on 2022/06/21

@ -1,7 +1,7 @@
id: CVE-2020-22210
info:
name: 74cms - Sql Injection
name: 74cms - ajax_officebuilding.php SQL Injection
author: ritikchaddha
severity: critical
description: |
@ -29,3 +29,5 @@ requests:
part: body
words:
- '{{md5("{{randstr}}")}}'
# Enhanced by cs on 2022/06/21

@ -1,7 +1,7 @@
id: CVE-2020-22211
info:
name: 74cms Sql Injection
name: 74cms - ajax_street.php 'key' SQL Injection
author: ritikchaddha
severity: critical
description: |
@ -29,3 +29,5 @@ requests:
part: body
words:
- '{{md5("{{randstr}}")}}'
# Enhanced by cs on 2022/06/21

@ -5,7 +5,7 @@ info:
author: Maximus Decimus
severity: medium
description: |
The plugin does not sanitise and escape the woof_redraw_elements before outputing back in an admin page, leading to a Reflected Cross-Site Scripting.
The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.
reference:
- https://wpscan.com/vulnerability/b7dd81c6-6af1-4976-b928-421ca69bfa90
- https://plugins.trac.wordpress.org/changeset/2648751
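Review bot: the rewritten description ends with "leading to a reflected cross-site scripting", which is missing its noun. Suggest "leading to reflected cross-site scripting" or "leading to a reflected cross-site scripting vulnerability".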
@ -38,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 06/21/2022

@ -4,9 +4,13 @@ info:
name: SolarView Compact 6.00 - 'time_begin' Cross-Site Scripting
author: For3stCo1d
severity: medium
description: |
SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'time_begin' parameter to Solar_History.php.
reference:
- https://www.exploit-db.com/exploits/50967
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29299
classification:
cve-id: CVE-2022-29299
metadata:
verified: true
shodan-query: http.favicon.hash:-244067125
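Review bot: the `classification` block carries only `cve-id: CVE-2022-29299`, so the `severity: medium` above it has no CVSS data behind it in the template. Add `cvss-metrics`, `cvss-score` and `cwe-id` (CWE-79 for cross-site scripting) next to the CVE id. The name also omits the "(XSS)" suffix that the CVE-2022-29301 template uses for the same product, so align the two.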
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 06/21/2022

@ -3,10 +3,14 @@ id: CVE-2022-29301
info:
name: SolarView Compact 6.00 - 'pow' Cross-Site Scripting (XSS)
author: For3stCo1d
severity: medium
severity: high
description: |
SolarView Compact version 6.00 contains a cross-site scripting vulnerability in the 'pow' parameter to Solar_SlideSub.php.
reference:
- https://www.exploit-db.com/exploits/50968
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29301
classification:
cve-id: CVE-2022-29301
metadata:
verified: true
shodan-query: http.favicon.hash:-244067125
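Review bot: `severity` goes from medium to high here, but nothing in the hunk supports the change. The description differs from CVE-2022-29299 only in the parameter and script, that template stays at medium, and `classification` has no `cvss-score` or `cvss-metrics`. Either add the CVSS data that justifies high or keep the two SolarView Compact XSS templates at the same severity.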
@ -34,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by cs 06/21/2022