From 77215862c96c96e04673e10d73c2470cc200399a Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 22 Sep 2021 10:21:33 +0000 Subject: [PATCH] Auto Generated CVE annotations [Wed Sep 22 10:21:33 UTC 2021] :robot: --- cves/2018/CVE-2018-16836.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/cves/2018/CVE-2018-16836.yaml b/cves/2018/CVE-2018-16836.yaml index 472089aa4c..0a8102bf1d 100644 --- a/cves/2018/CVE-2018-16836.yaml +++ b/cves/2018/CVE-2018-16836.yaml @@ -3,9 +3,15 @@ id: CVE-2018-16836 info: name: Rubedo CMS 3.4.0 - Directory Traversal author: 0x_Akoko - severity: high + severity: critical reference: https://www.exploit-db.com/exploits/45385 tags: cve,cve2018,rubedo,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-16836 + cwe-id: CWE-22 + description: "Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI." requests: - method: GET
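
Review bot: the `severity: high` to `severity: critical` change in the `info:` block is driven only by the added `cvss-score: 9.80`, while everything else in the template still describes a file read: the name is "Directory Traversal", the tags include `lfi`, and the new `cwe-id` is `CWE-22`. The added vector claims `I:H/A:H` and the new description says "read and execute arbitrary files", which is a stronger claim than the traversal to `/etc/passwd` that the description itself gives as the demonstration. If the intent is for `severity` to mirror the CVE record's base score rather than what this template verifies, say so in the commit message or the generator's documentation, so that triage on a match does not assume code execution was confirmed. Two smaller points on the same hunk: `cve-id: CVE-2018-16836` repeats the value already in `id:`, so the generator should guarantee the two cannot drift apart, and `cvss-score: 9.80` would read more consistently as `9.8`, since CVSS base scores are stated to one decimal place.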