updated 2020 CVEs

2023-09-06 17:52:36 +05:30 · 2023-09-06 17:52:36 +05:30 · 7d9d59ab58
parent a09a0c8d7a
commit 7d9d59ab58
246 changed files with 857 additions and 421 deletions
--- a/http/cves/2020/CVE-2020-0618.yaml
+++ b/http/cves/2020/CVE-2020-0618.yaml
@ -5,6 +5,8 @@ info:
  author: joeldeleep
  severity: high
  description: Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.
  remediation: |
    Apply the latest security updates provided by Microsoft to mitigate this vulnerability.
  reference:
    - https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
    - https://github.com/euphrat1ca/CVE-2020-0618
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-0618
    cwe-id: CWE-502
    epss-score: 0.97329
    cpe: cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*
    epss-percentile: 0.99813
    cpe: cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microsoft
--- a/http/cves/2020/CVE-2020-10148.yaml
+++ b/http/cves/2020/CVE-2020-10148.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.
  remediation: |
    Apply the necessary patches or updates provided by SolarWinds to fix the authentication bypass vulnerability.
  reference:
    - https://kb.cert.org/vuls/id/843464
    - https://github.com/jaeles-project/jaeles-signatures/blob/master/cves/solarwinds-lfi-cve-2020-10148.yaml
@ -18,8 +20,8 @@ info:
    cve-id: CVE-2020-10148
    cwe-id: CWE-287,CWE-288
    epss-score: 0.97347
    cpe: cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
    epss-percentile: 0.99832
    cpe: cpe:2.3:a:solarwinds:orion_platform:2019.4:hotfix5:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: solarwinds
--- a/http/cves/2020/CVE-2020-10199.yaml
+++ b/http/cves/2020/CVE-2020-10199.yaml
@ -5,6 +5,8 @@ info:
  author: rootxharsh,iamnoooob,pdresearch
  severity: high
  description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection
  remediation: |
    Apply the latest security patches or upgrade to a non-vulnerable version of Sonatype Nexus Repository Manager 3.
  reference:
    - https://twitter.com/iamnoooob/status/1246182773427240967
    - https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-10199
    cwe-id: CWE-917
    epss-score: 0.97217
    cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*
    epss-percentile: 0.99742
    cpe: cpe:2.3:a:sonatype:nexus:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: sonatype
--- a/http/cves/2020/CVE-2020-10220.yaml
+++ b/http/cves/2020/CVE-2020-10220.yaml
@ -6,20 +6,21 @@ info:
  severity: critical
  description: |
    An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.
  remediation: |
    Upgrade to a patched version of rConfig or apply the vendor-supplied patch to mitigate this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/156950/rConfig-3.9.4-searchField-Remote-Code-Execution.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-10220
  classification:
    cve-id: CVE-2020-10220
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-10220
    cwe-id: CWE-89
  metadata:
    max-request: 1
    verified: true
    max-request: 1
    shodan-query: title:"rConfig"
  tags: cve,cve2020,rconfig,sqli
 variables:
  num: "999999999"
--- a/http/cves/2020/CVE-2020-10546.yaml
+++ b/http/cves/2020/CVE-2020-10546.yaml
@ -5,6 +5,8 @@ info:
  author: madrobot
  severity: critical
  description: rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
  remediation: |
    Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability.
  reference:
    - https://github.com/theguly/exploits/blob/master/CVE-2020-10546.py
    - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-10546
    cwe-id: CWE-89
    epss-score: 0.4901
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
    epss-percentile: 0.97048
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rconfig
--- a/http/cves/2020/CVE-2020-10547.yaml
+++ b/http/cves/2020/CVE-2020-10547.yaml
@ -5,6 +5,8 @@ info:
  author: madrobot
  severity: critical
  description: rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
  remediation: |
    Upgrade to the latest version of rConfig or apply the provided patch to fix the SQL Injection vulnerability.
  reference:
    - https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
    - https://github.com/theguly/exploits/blob/master/CVE-2020-10547.py
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-10547
    cwe-id: CWE-89
    epss-score: 0.4901
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
    epss-percentile: 0.97048
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rconfig
--- a/http/cves/2020/CVE-2020-10548.yaml
+++ b/http/cves/2020/CVE-2020-10548.yaml
@ -5,6 +5,8 @@ info:
  author: madrobot
  severity: critical
  description: rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
  remediation: |
    Upgrade to a patched version of rConfig or apply the necessary security patches provided by the vendor.
  reference:
    - https://github.com/theguly/exploits/blob/master/CVE-2020-10548.py
    - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-10548
    cwe-id: CWE-89
    epss-score: 0.4901
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
    epss-percentile: 0.97048
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rconfig
--- a/http/cves/2020/CVE-2020-10549.yaml
+++ b/http/cves/2020/CVE-2020-10549.yaml
@ -5,6 +5,8 @@ info:
  author: madrobot
  severity: critical
  description: rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
  remediation: |
    Upgrade rConfig to version >3.9.4 or apply the provided patch to mitigate the SQL Injection vulnerability.
  reference:
    - https://github.com/theguly/exploits/blob/master/CVE-2020-10549.py
    - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-10549
    cwe-id: CWE-89
    epss-score: 0.4901
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
    epss-percentile: 0.97048
    cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rconfig
--- a/http/cves/2020/CVE-2020-10770.yaml
+++ b/http/cves/2020/CVE-2020-10770.yaml
@ -5,6 +5,8 @@ info:
  author: dhiyaneshDk
  severity: medium
  description: Keycloak 12.0.1 and below allows an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
  remediation: |
    Upgrade Keycloak to a version higher than 12.0.1 to mitigate this vulnerability.
  reference:
    - https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
    - https://www.exploit-db.com/exploits/50405
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-10770
    cwe-id: CWE-918
    epss-score: 0.37441
    cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
    epss-percentile: 0.9668
    cpe: cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: redhat
--- a/http/cves/2020/CVE-2020-10973.yaml
+++ b/http/cves/2020/CVE-2020-10973.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform a decryption step, but all decryption information is readily available.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the access control issue.
  reference:
    - https://github.com/sudo-jtcsec/CVE/blob/master/CVE-2020-10973
    - https://github.com/sudo-jtcsec/Nyra
@ -18,14 +20,14 @@ info:
    cve-id: CVE-2020-10973
    cwe-id: CWE-306
    epss-score: 0.03878
    cpe: cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
    epss-percentile: 0.90774
    cpe: cpe:2.3:o:wavlink:wn530hg4_firmware:m30hg4.v5030.191116:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.html:"Wavlink"
    verified: true
    max-request: 1
    vendor: wavlink
    product: wn530hg4_firmware
    shodan-query: http.html:"Wavlink"
  tags: cve,cve2020,exposure,wavlink
 http:
--- a/http/cves/2020/CVE-2020-11034.yaml
+++ b/http/cves/2020/CVE-2020-11034.yaml
@ -5,21 +5,21 @@ info:
  author: pikpikcu
  severity: medium
  description: GLPI prior 9.4.6 contains an open redirect vulnerability based on a regexp.
  remediation: Upgrade to version 9.4.6 or later.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
    - https://github.com/glpi-project/glpi/archive/9.4.6.zip
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11034
    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WQMONZRWLWOXMHMYWR7A5Q5JJERPMVC/
    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q4BG2UTINBVV7MTJRXKBQ26GV2UINA6L/
  remediation: Upgrade to version 9.4.6 or later.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2020-11034
    cwe-id: CWE-601,CWE-185
    epss-score: 0.00396
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
    epss-percentile: 0.7014
    cpe: cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: glpi-project
--- a/http/cves/2020/CVE-2020-11110.yaml
+++ b/http/cves/2020/CVE-2020-11110.yaml
@ -5,26 +5,26 @@ info:
  author: emadshanab
  severity: medium
  description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
  remediation: This issue can be resolved by updating Grafana to the latest version.
  reference:
    - https://github.com/grafana/grafana/pull/23254
    - https://security.netapp.com/advisory/ntap-20200810-0002/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
    - https://hackerone.com/reports/1329433
    - https://github.com/grafana/grafana/blob/master/CHANGELOG.md
  remediation: This issue can be resolved by updating Grafana to the latest version.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 5.4
    cve-id: CVE-2020-11110
    cwe-id: CWE-79
    epss-score: 0.00131
    cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
    epss-percentile: 0.47313
    cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: title:"Grafana"
    vendor: grafana
    product: grafana
    shodan-query: title:"Grafana"
  tags: cve,cve2020,xss,grafana,hackerone
 http:
--- a/http/cves/2020/CVE-2020-11450.yaml
+++ b/http/cves/2020/CVE-2020-11450.yaml
@ -6,20 +6,20 @@ info:
  severity: high
  description: |
    MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: Mitigated in all versions 11.0 and higher.
  reference:
    - http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11450
    - https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
    - https://nvd.nist.gov/vuln/detail/cve-2020-11450
    - http://seclists.org/fulldisclosure/2020/Apr/1
  remediation: Mitigated in all versions 11.0 and higher.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-11450
    epss-score: 0.34975
    cpe: cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*
    epss-percentile: 0.96566
    cpe: cpe:2.3:a:microstrategy:microstrategy_web:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microstrategy
--- a/http/cves/2020/CVE-2020-11455.yaml
+++ b/http/cves/2020/CVE-2020-11455.yaml
@ -5,6 +5,8 @@ info:
  author: daffainfo
  severity: critical
  description: LimeSurvey before 4.1.12+200324 is vulnerable to local file inclusion because it contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.
  remediation: |
    Upgrade to the latest version of LimeSurvey (4.1.12 or higher) which includes a fix for this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/48297
    - https://github.com/LimeSurvey/LimeSurvey/commit/daf50ebb16574badfb7ae0b8526ddc5871378f1b
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-11455
    cwe-id: CWE-22
    epss-score: 0.5225
    cpe: cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
    epss-percentile: 0.97134
    cpe: cpe:2.3:a:limesurvey:limesurvey:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: limesurvey
--- a/http/cves/2020/CVE-2020-11529.yaml
+++ b/http/cves/2020/CVE-2020-11529.yaml
@ -5,6 +5,8 @@ info:
  author: 0x_Akoko
  severity: medium
  description: Grav before 1.7 has an open redirect vulnerability via common/Grav.php. This is partially fixed in 1.6.23 and still present in 1.6.x.
  remediation: |
    Upgrade Grav CMS to version 1.7 or later to fix the open redirect vulnerability.
  reference:
    - https://github.com/getgrav/grav/issues/3134
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11529
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-11529
    cwe-id: CWE-601
    epss-score: 0.00349
    cpe: cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
    epss-percentile: 0.68242
    cpe: cpe:2.3:a:getgrav:grav:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: getgrav
--- a/http/cves/2020/CVE-2020-11530.yaml
+++ b/http/cves/2020/CVE-2020-11530.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  remediation: |
    Update to the latest version of the WordPress Chop Slider 3 plugin to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/f10cd7d7-6a31-48e5-994c-b100c846001a
    - https://github.com/idangerous/plugins/tree/master/Chop%20Slider%203/Chop%20Slider%203%20Wordpress
@ -18,14 +20,14 @@ info:
    cve-id: CVE-2020-11530
    cwe-id: CWE-89
    epss-score: 0.65013
    cpe: cpe:2.3:a:idangero:chop_slider:3.0:*:*:*:*:wordpress:*:*
    epss-percentile: 0.9744
    cpe: cpe:2.3:a:idangero:chop_slider:3.0:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    verified: true
-    framework: wordpress
+    max-request: 1
    vendor: idangero
    product: chop_slider
    framework: wordpress
  tags: wpscan,seclists,cve,cve2020,sqli,wordpress,wp-plugin,wp,chopslider,unauth
 http:
--- a/http/cves/2020/CVE-2020-11546.yaml
+++ b/http/cves/2020/CVE-2020-11546.yaml
@ -5,6 +5,8 @@ info:
  author: Official_BlackHat13
  severity: critical
  description: SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection.
  remediation: |
    Upgrade to the latest version of SuperWebmailer to mitigate this vulnerability.
  reference:
    - https://github.com/Official-BlackHat13/CVE-2020-11546/
    - https://blog.to.com/advisory-superwebmailer-cve-2020-11546/
@ -15,13 +17,13 @@ info:
    cve-id: CVE-2020-11546
    cwe-id: CWE-94
    epss-score: 0.96429
    cpe: cpe:2.3:a:superwebmailer:superwebmailer:*:*:*:*:*:*:*:*
    epss-percentile: 0.99376
    cpe: cpe:2.3:a:superwebmailer:superwebmailer:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: title:"SuperWebMailer"
    vendor: superwebmailer
    product: superwebmailer
    shodan-query: title:"SuperWebMailer"
  tags: cve,cve2020,rce,superwebmailer
 http:
--- a/http/cves/2020/CVE-2020-11547.yaml
+++ b/http/cves/2020/CVE-2020-11547.yaml
@ -5,6 +5,8 @@ info:
  author: x6263
  severity: medium
  description: PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.
  remediation: |
    Upgrade PRTG Network Monitor to version 20.1.57.1745 or higher to mitigate the information disclosure vulnerability.
  reference:
    - https://github.com/ch-rigu/CVE-2020-11547--PRTG-Network-Monitor-Information-Disclosure
    - https://github.com/ch-rigu/PRTG-Network-Monitor-Information-Disclosure
@ -15,14 +17,14 @@ info:
    cve-id: CVE-2020-11547
    cwe-id: CWE-306
    epss-score: 0.0011
    cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
    epss-percentile: 0.43305
    cpe: cpe:2.3:a:paessler:prtg_network_monitor:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    verified: true
-    shodan-query: title:"prtg"
+    max-request: 3
    vendor: paessler
    product: "prtg_network_monitor"
    shodan-query: title:"prtg"
  tags: cve,cve2020,prtg,disclosure
 http:
--- a/http/cves/2020/CVE-2020-11710.yaml
+++ b/http/cves/2020/CVE-2020-11710.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: critical
  description: Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.
  remediation: |
    Upgrade to Kong version 2.0.3 or later to fix the vulnerability and ensure proper authentication and access control mechanisms are in place.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11710
    - https://github.com/Kong/kong
@ -16,13 +18,13 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2020-11710
    epss-score: 0.02084
    cpe: cpe:2.3:a:konghq:docker-kong:*:*:*:*:*:kong:*:*
    epss-percentile: 0.87657
    cpe: cpe:2.3:a:konghq:docker-kong:*:*:*:*:*:kong:*:*
  metadata:
    max-request: 1
    framework: kong
    vendor: konghq
    product: docker-kong
    framework: kong
  tags: cve,cve2020,kong
 http:
--- a/http/cves/2020/CVE-2020-11738.yaml
+++ b/http/cves/2020/CVE-2020-11738.yaml
@ -8,6 +8,8 @@ info:
    WordPress Duplicator 1.3.24 & 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two
    versions v1.3.24 and v1.3.26, the vulnerability wasn't
    present in versions 1.3.22 and before.
  remediation: |
    Update the WordPress Duplicator plugin to the latest version (1.3.27 or higher) to mitigate the vulnerability.
  reference:
    - https://www.tenable.com/blog/duplicator-wordpress-plugin-vulnerability-exploited-in-the-wild
    - https://snapcreek.com/duplicator/docs/changelog/?lite
@ -20,13 +22,13 @@ info:
    cve-id: CVE-2020-11738
    cwe-id: CWE-22
    epss-score: 0.97273
    cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
    epss-percentile: 0.99776
    cpe: cpe:2.3:a:snapcreek:duplicator:*:*:*:*:lite:wordpress:*:*
  metadata:
    max-request: 2
    framework: wordpress
    vendor: snapcreek
    product: duplicator
    framework: wordpress
  tags: kev,tenable,packetstorm,cve,cve2020,wordpress,wp-plugin,lfi
 http:
--- a/http/cves/2020/CVE-2020-11798.yaml
+++ b/http/cves/2020/CVE-2020-11798.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.
  remediation: |
    Apply the latest security patches or updates provided by Mitel to mitigate the vulnerability and prevent unauthorized access.
  reference:
    - https://packetstormsecurity.com/files/171751/mma913-traversallfi.txt
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11798
@ -18,14 +20,14 @@ info:
    cve-id: CVE-2020-11798
    cwe-id: CWE-22
    epss-score: 0.75314
    cpe: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:*
    epss-percentile: 0.97741
    cpe: cpe:2.3:a:mitel:micollab_audio\,_web_\&_video_conferencing:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
-    shodan-query: html:"Mitel" html:"MiCollab"
+    max-request: 1
    vendor: mitel
    product: micollab_audio\,_web_\&_video_conferencing
    shodan-query: html:"Mitel" html:"MiCollab"
  tags: packetstorm,cve,cve2020,mitel,micollab,lfi
 http:
--- a/http/cves/2020/CVE-2020-11853.yaml
+++ b/http/cves/2020/CVE-2020-11853.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerable version of Micro Focus Operations Bridge Manager.
  reference:
    - http://packetstormsecurity.com/files/161366/Micro-Focus-Operations-Bridge-Manager-Remote-Code-Execution.html
    - https://softwaresupport.softwaregrp.com/doc/KM03747658
@ -17,8 +19,8 @@ info:
    cvss-score: 8.8
    cve-id: CVE-2020-11853
    epss-score: 0.94797
    cpe: cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*
    epss-percentile: 0.98954
    cpe: cpe:2.3:a:microfocus:operation_bridge_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microfocus
--- a/http/cves/2020/CVE-2020-11854.yaml
+++ b/http/cves/2020/CVE-2020-11854.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.
  remediation: |
    Apply the latest security patches or updates provided by Micro Focus to fix this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/161182/Micro-Focus-UCMDB-Remote-Code-Execution.html
    - https://softwaresupport.softwaregrp.com/doc/KM03747658
@ -18,8 +20,8 @@ info:
    cve-id: CVE-2020-11854
    cwe-id: CWE-798
    epss-score: 0.97414
    cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
    epss-percentile: 0.99886
    cpe: cpe:2.3:a:microfocus:application_performance_management:9.50:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microfocus
--- a/http/cves/2020/CVE-2020-11930.yaml
+++ b/http/cves/2020/CVE-2020-11930.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
  remediation: |
    Update the WordPress GTranslate plugin to version 2.8.52 or later to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/10181
    - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
@ -18,14 +20,14 @@ info:
    cve-id: CVE-2020-11930
    cwe-id: CWE-79
    epss-score: 0.00396
    cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*
    epss-percentile: 0.70156
    cpe: cpe:2.3:a:gtranslate:translate_wordpress_with_gtranslate:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    publicwww-query: "/wp-content/plugins/gtranslate"
    framework: wordpress
    vendor: gtranslate
    product: translate_wordpress_with_gtranslate
    framework: wordpress
    publicwww-query: "/wp-content/plugins/gtranslate"
  tags: cve,cve2020,wordpress,wp,xss,wp-plugin,wpscan
 http:
--- a/http/cves/2020/CVE-2020-11978.yaml
+++ b/http/cves/2020/CVE-2020-11978.yaml
@ -5,26 +5,26 @@ info:
  author: pdteam
  severity: high
  description: Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use).
  remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
  reference:
    - https://github.com/pberba/CVE-2020-11978
    - https://twitter.com/wugeej/status/1400336603604668418
    - https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11978
  remediation: If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2020-11978
    cwe-id: CWE-78
    epss-score: 0.97524
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
    epss-percentile: 0.9998
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
  metadata:
    max-request: 4
    shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
    verified: true
    max-request: 4
    vendor: apache
    product: airflow
    shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs"
  tags: cve,cve2020,apache,airflow,rce,kev
 http:
--- a/http/cves/2020/CVE-2020-11991.yaml
+++ b/http/cves/2020/CVE-2020-11991.yaml
@ -5,24 +5,24 @@ info:
  author: pikpikcu
  severity: high
  description: Apache Cocoon 2.1.12 is susceptible to  XML injection. When using the StreamGenerator, the code parses a user-provided XML. A specially crafted XML, including external system entities, can be used to access any file on the server system.
  remediation: Upgrade to Apache Cocoon 2.1.13 or later.
  reference:
    - https://lists.apache.org/thread/6xg5j4knfczwdhggo3t95owqzol37k1b
    - https://nvd.nist.gov/vuln/detail/CVE-2020-11991
    - https://lists.apache.org/thread.html/r77add973ea521185e1a90aca00ba9dae7caa8d8b944d92421702bb54%40%3Cusers.cocoon.apache.org%3E
  remediation: Upgrade to Apache Cocoon 2.1.13 or later.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-11991
    cwe-id: CWE-611
    epss-score: 0.80318
    cpe: cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:*
    epss-percentile: 0.97888
    cpe: cpe:2.3:a:apache:cocoon:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.html:"Apache Cocoon"
    vendor: apache
    product: cocoon
    shodan-query: http.html:"Apache Cocoon"
  tags: cve,cve2020,apache,xml,cocoon,xxe
 http:
--- a/http/cves/2020/CVE-2020-12054.yaml
+++ b/http/cves/2020/CVE-2020-12054.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
  remediation: |
    Update to the latest version of WordPress Catch Breadcrumb plugin (1.5.4 or higher) to mitigate the vulnerability.
  reference:
    - https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
    - https://wpvulndb.com/vulnerabilities/10184
@ -17,13 +19,13 @@ info:
    cve-id: CVE-2020-12054
    cwe-id: CWE-79
    epss-score: 0.00129
    cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:*
    epss-percentile: 0.46935
    cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    framework: wordpress
    vendor: catchplugins
    product: catch_breadcrumb
    framework: wordpress
  tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020
 http:
--- a/http/cves/2020/CVE-2020-12116.yaml
+++ b/http/cves/2020/CVE-2020-12116.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: high
  description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.
  remediation: |
    Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine OpManger to mitigate the vulnerability.
  reference:
    - https://github.com/BeetleChunks/CVE-2020-12116
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12116
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-12116
    cwe-id: CWE-22
    epss-score: 0.97355
    cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
    epss-percentile: 0.99837
    cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: zohocorp
--- a/http/cves/2020/CVE-2020-12127.yaml
+++ b/http/cves/2020/CVE-2020-12127.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability.
  reference:
    - https://cerne.xyz/bugs/CVE-2020-12127
    - https://www.wavlink.com/en_us/product/WL-WN530H4.html
@ -16,14 +18,14 @@ info:
    cve-id: CVE-2020-12127
    cwe-id: CWE-306
    epss-score: 0.03579
    cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*
    epss-percentile: 0.90419
    cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.html:"Wavlink"
    verified: true
    max-request: 1
    vendor: wavlink
    product: wn530h4_firmware
    shodan-query: http.html:"Wavlink"
  tags: cve,cve2020,wavlink,exposure
 http:
--- a/http/cves/2020/CVE-2020-12447.yaml
+++ b/http/cves/2020/CVE-2020-12447.yaml
@ -5,6 +5,8 @@ info:
  author: 0x_Akoko
  severity: high
  description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the directory traversal vulnerability.
  reference:
    - https://blog.spookysec.net/onkyo-lfi
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12447
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-12447
    cwe-id: CWE-22
    epss-score: 0.01778
    cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:*
    epss-percentile: 0.86487
    cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: onkyo
--- a/http/cves/2020/CVE-2020-12478.yaml
+++ b/http/cves/2020/CVE-2020-12478.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Upgrade to a patched version of TeamPass or apply the recommended security patches.
  reference:
    - https://github.com/nilsteampassnet/TeamPass/issues/2764
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12478
@ -15,14 +17,14 @@ info:
    cve-id: CVE-2020-12478
    cwe-id: CWE-306
    epss-score: 0.00901
    cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*
    epss-percentile: 0.80707
    cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.html:"teampass"
    verified: true
    max-request: 1
    vendor: teampass
    product: teampass
    shodan-query: http.html:"teampass"
  tags: cve,cve2020,teampass,exposure,unauth
 http:
--- a/http/cves/2020/CVE-2020-12720.yaml
+++ b/http/cves/2020/CVE-2020-12720.yaml
@ -5,6 +5,8 @@ info:
  author: pdteam
  severity: critical
  description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerable version of vBulletin.
  reference:
    - https://github.com/rekter0/exploits/tree/master/CVE-2020-12720
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12720
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-12720
    cwe-id: CWE-306
    epss-score: 0.88108
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
    epss-percentile: 0.98245
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: vbulletin
--- a/http/cves/2020/CVE-2020-12800.yaml
+++ b/http/cves/2020/CVE-2020-12800.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file.
  remediation: |
    Update the Contact Form 7 plugin to version 1.3.3.3 or later to mitigate this vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-12800
    - https://github.com/amartinsec/CVE-2020-12800
@ -17,13 +19,13 @@ info:
    cve-id: CVE-2020-12800
    cwe-id: CWE-434
    epss-score: 0.97435
    cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
    epss-percentile: 0.99908
    cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 2
    framework: wordpress
    vendor: codedropz
    product: drag_and_drop_multiple_file_upload_-_contact_form_7
    framework: wordpress
  tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive
 http:
--- a/http/cves/2020/CVE-2020-13117.yaml
+++ b/http/cves/2020/CVE-2020-13117.yaml
@ -5,6 +5,8 @@ info:
  author: gy741
  severity: critical
  description: Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13117
@ -14,14 +16,14 @@ info:
    cve-id: CVE-2020-13117
    cwe-id: CWE-77
    epss-score: 0.0785
    cpe: cpe:2.3:o:wavlink:wn575a4_firmware:*:*:*:*:*:*:*:*
    epss-percentile: 0.93385
    cpe: cpe:2.3:o:wavlink:wn575a4_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
-    shodan-query: http.title:"Wi-Fi APP Login"
+    max-request: 1
    vendor: wavlink
    product: wn575a4_firmware
    shodan-query: http.title:"Wi-Fi APP Login"
  tags: cve,cve2020,wavlink,rce,oast,router
 http:
--- a/http/cves/2020/CVE-2020-13121.yaml
+++ b/http/cves/2020/CVE-2020-13121.yaml
@ -5,6 +5,8 @@ info:
  author: 0x_Akoko
  severity: medium
  description: Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Upgrade to Submitty version 20.04.01 or later to fix the open redirect vulnerability.
  reference:
    - https://github.com/Submitty/Submitty/issues/5265
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13121
@ -14,8 +16,8 @@ info:
    cve-id: CVE-2020-13121
    cwe-id: CWE-601
    epss-score: 0.00235
    cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:*
    epss-percentile: 0.60968
    cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: rcos
--- a/http/cves/2020/CVE-2020-13158.yaml
+++ b/http/cves/2020/CVE-2020-13158.yaml
@ -5,6 +5,8 @@ info:
  author: 0x_Akoko
  severity: high
  description: Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter.
  remediation: |
    Upgrade to Artica Proxy Community Edition version 4.30.000000 or later to fix the Local File Inclusion vulnerability.
  reference:
    - https://github.com/InfoSec4Fun/CVE-2020-13158
    - https://sourceforge.net/projects/artica-squid/files/
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-13158
    cwe-id: CWE-22
    epss-score: 0.96791
    cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:*
    epss-percentile: 0.99534
    cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:*
  metadata:
    max-request: 1
    vendor: articatech
--- a/http/cves/2020/CVE-2020-13167.yaml
+++ b/http/cves/2020/CVE-2020-13167.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
  remediation: |
    Upgrade to a patched version of Netsweeper (>=6.4.4) to mitigate this vulnerability.
  reference:
    - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/
    - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-13167
    cwe-id: CWE-78
    epss-score: 0.97384
    cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*
    epss-percentile: 0.99866
    cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: netsweeper
--- a/http/cves/2020/CVE-2020-13258.yaml
+++ b/http/cves/2020/CVE-2020-13258.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py.
  remediation: |
    Upgrade Contentful to a version that is not vulnerable to CVE-2020-13258 or apply the necessary patches provided by the vendor.
  reference:
    - https://github.com/contentful/the-example-app.py/issues/44
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13258
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-13258
    cwe-id: CWE-79
    epss-score: 0.00464
    cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:*
    epss-percentile: 0.72315
    cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: contentful
--- a/http/cves/2020/CVE-2020-13379.yaml
+++ b/http/cves/2020/CVE-2020-13379.yaml
@ -6,13 +6,13 @@ info:
  severity: high
  description: |
    Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  remediation: Upgrade to 6.3.4 or higher.
  reference:
    - https://github.com/advisories/GHSA-wc9w-wvq2-ffm9
    - https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192
    - http://www.openwall.com/lists/oss-security/2020/06/03/4
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13379
    - http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html
  remediation: Upgrade to 6.3.4 or higher.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
    cvss-score: 8.2
@ -22,11 +22,11 @@ info:
    epss-percentile: 0.95791
    cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: grafana
    product: grafana
    shodan-query: title:"Grafana"
    vendor: grafana
    verified: true
  tags: cve,cve2020,grafana,ssrf
 http:
@ -36,6 +36,7 @@ http:
      - "{{BaseURL}}/grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1"
    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
--- a/http/cves/2020/CVE-2020-13405.yaml
+++ b/http/cves/2020/CVE-2020-13405.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Upgrade Microweber to version 1.1.20 or later to mitigate the vulnerability.
  reference:
    - https://rhinosecuritylabs.com/research/microweber-database-disclosure/
    - https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6
@ -16,14 +18,14 @@ info:
    cve-id: CVE-2020-13405
    cwe-id: CWE-306
    epss-score: 0.00667
    cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
    epss-percentile: 0.77128
    cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    shodan-query: http.html:"microweber"
    verified: true
    max-request: 3
    vendor: microweber
    product: microweber
    shodan-query: http.html:"microweber"
  tags: cve,cve2020,microweber,unauth,disclosure
 http:
--- a/http/cves/2020/CVE-2020-13483.yaml
+++ b/http/cves/2020/CVE-2020-13483.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu,3th1c_yuk1
  severity: medium
  description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
  remediation: |
    Upgrade to a patched version of Bitrix24 (version >20.0.0) to mitigate this vulnerability.
  reference:
    - https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558
    - https://twitter.com/brutelogic/status/1483073170827628547
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-13483
    cwe-id: CWE-79
    epss-score: 0.00113
    cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:*
    epss-percentile: 0.44064
    cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: bitrix24
--- a/http/cves/2020/CVE-2020-13700.yaml
+++ b/http/cves/2020/CVE-2020-13700.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.
  remediation: |
    Update the acf-to-rest-api plugin to version >3.1.0 or apply the latest security patches.
  reference:
    - https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5
    - https://wordpress.org/plugins/acf-to-rest-api/#developers
@ -17,13 +19,13 @@ info:
    cve-id: CVE-2020-13700
    cwe-id: CWE-639
    epss-score: 0.01923
    cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:*
    epss-percentile: 0.87118
    cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    framework: wordpress
    vendor: acf_to_rest_api_project
    product: acf_to_rest_api
    framework: wordpress
  tags: cve,cve2020,wordpress,plugin
 http:
--- a/http/cves/2020/CVE-2020-13820.yaml
+++ b/http/cves/2020/CVE-2020-13820.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerable version of Extreme Management Center.
  reference:
    - https://medium.com/@0x00crash/xss-reflected-in-extreme-management-center-8-4-1-24-cve-2020-13820-c6febe951219
    - https://gtacknowledge.extremenetworks.com/articles/Solution/000051136
@ -18,14 +20,14 @@ info:
    cve-id: CVE-2020-13820
    cwe-id: CWE-79
    epss-score: 0.00237
    cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:*
    epss-percentile: 0.6108
    cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: title:"Extreme Management Center"
    verified: true
    max-request: 1
    vendor: extremenetworks
    product: extreme_management_center
    shodan-query: title:"Extreme Management Center"
  tags: cve,cve2020,xss,extremenetworks
 http:
--- a/http/cves/2020/CVE-2020-13927.yaml
+++ b/http/cves/2020/CVE-2020-13927.yaml
@ -6,27 +6,27 @@ info:
  severity: critical
  description: |
    Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.
  remediation: |
    From Airflow 1.10.11 forward, the default has been changed to deny all requests by default.  Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
  reference:
    - https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E
    - http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html
    - https://airflow.apache.org/docs/1.10.11/security.html#api-authenticatio
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13927
  remediation: |
    From Airflow 1.10.11 forward, the default has been changed to deny all requests by default.  Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-13927
    cwe-id: CWE-1188
    epss-score: 0.95404
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
    epss-percentile: 0.99097
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
-    shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
+    max-request: 1
    vendor: apache
    product: airflow
    shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow"
  tags: packetstorm,cve,cve2020,apache,airflow,unauth,auth-bypass,kev
 http:
--- a/http/cves/2020/CVE-2020-13937.yaml
+++ b/http/cves/2020/CVE-2020-13937.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: medium
  description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1,  3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.
  remediation: |
    Secure the configuration file by restricting access permissions and implementing proper access controls.
  reference:
    - https://kylin.apache.org/docs/release_notes.html
    - https://s.tencent.com/research/bsafe/1156.html
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-13937
    cwe-id: CWE-922
    epss-score: 0.97402
    cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:*
    epss-percentile: 0.99877
    cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
--- a/http/cves/2020/CVE-2020-13942.yaml
+++ b/http/cves/2020/CVE-2020-13942.yaml
@ -9,21 +9,21 @@ info:
    offers the possibility to call static Java classes from the JDK
    that could execute code with the permission level of the running Java process.
    This vulnerability affects all versions of Apache Unomi prior to 1.5.2.
  remediation: Apache Unomi users should upgrade to 1.5.2 or later.
  reference:
    - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
    - https://twitter.com/chybeta/status/1328912309440311297
    - https://nvd.nist.gov/vuln/detail/CVE-2020-13942
    - http://unomi.apache.org./security/cve-2020-13942.txt
    - https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E
  remediation: Apache Unomi users should upgrade to 1.5.2 or later.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-13942
    cwe-id: CWE-74,CWE-20
    epss-score: 0.97533
    cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
    epss-percentile: 0.99986
    cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
--- a/http/cves/2020/CVE-2020-13945.yaml
+++ b/http/cves/2020/CVE-2020-13945.yaml
@ -5,6 +5,8 @@ info:
  author: pdteam
  severity: medium
  description: Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data.
  remediation: |
    Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely.
  reference:
    - https://github.com/vulhub/vulhub/tree/master/apisix/CVE-2020-13945
    - https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-13945
    cwe-id: CWE-522
    epss-score: 0.00522
    cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
    epss-percentile: 0.73906
    cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: apache
--- a/http/cves/2020/CVE-2020-14092.yaml
+++ b/http/cves/2020/CVE-2020-14092.yaml
@ -5,6 +5,8 @@ info:
  author: princechaddha
  severity: critical
  description: WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format.
  remediation: |
    Update to the latest version of the WordPress PayPal Pro plugin (1.1.65 or higher) to mitigate the SQL Injection vulnerability.
  reference:
    - https://wpscan.com/vulnerability/10287
    - https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro
@ -17,13 +19,13 @@ info:
    cve-id: CVE-2020-14092
    cwe-id: CWE-89
    epss-score: 0.76739
    cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:wordpress:*:*
    epss-percentile: 0.97784
    cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    framework: wordpress
    vendor: ithemes
    product: paypal_pro
    framework: wordpress
  tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress
 http:
--- a/http/cves/2020/CVE-2020-14144.yaml
+++ b/http/cves/2020/CVE-2020-14144.yaml
@ -6,27 +6,27 @@ info:
  severity: high
  description: |
    Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides."
  remediation: Fixed in version 1.16.7.
  reference:
    - https://dl.gitea.io/gitea/1.16.6
    - https://github.com/go-gitea/gitea/pull/13058
    - https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-14144
    - https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script
  remediation: Fixed in version 1.16.7.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2020-14144
    cwe-id: CWE-78
    epss-score: 0.96765
    cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
    epss-percentile: 0.99519
    cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
  metadata:
    max-request: 7
    shodan-query: html:"Powered by Gitea Version"
    verified: true
    max-request: 7
    vendor: gitea
    product: gitea
    shodan-query: html:"Powered by Gitea Version"
  tags: cve,cve2020,rce,gitea,authenticated,git,intrusive
 http:
--- a/http/cves/2020/CVE-2020-14179.yaml
+++ b/http/cves/2020/CVE-2020-14179.yaml
@ -5,6 +5,8 @@ info:
  author: x1m_martijn
  severity: medium
  description: Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names.
  remediation: |
    Upgrade Atlassian Jira Server/Data Center to a version higher than 8.11.1 to mitigate the vulnerability.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-71536
    - https://nvd.nist.gov/vuln/detail/CVE-2020-14179
@ -13,13 +15,13 @@ info:
    cvss-score: 5.3
    cve-id: CVE-2020-14179
    epss-score: 0.0047
    cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
    epss-percentile: 0.72498
    cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.component:"Atlassian Jira"
    vendor: atlassian
    product: jira_data_center
    shodan-query: http.component:"Atlassian Jira"
  tags: cve,cve2020,atlassian,jira,exposure,disclosure
 http:
--- a/http/cves/2020/CVE-2020-14181.yaml
+++ b/http/cves/2020/CVE-2020-14181.yaml
@ -5,6 +5,8 @@ info:
  author: bjhulst
  severity: medium
  description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0.
  remediation: |
    Apply the necessary patches or updates provided by Atlassian to fix the vulnerability.
  reference:
    - https://jira.atlassian.com/browse/JRASERVER-71560
    - http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html
@ -15,13 +17,13 @@ info:
    cve-id: CVE-2020-14181
    cwe-id: CWE-200
    epss-score: 0.96932
    cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
    epss-percentile: 0.99604
    cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.component:"Atlassian Jira"
    vendor: atlassian
    product: data_center
    shodan-query: http.component:"Atlassian Jira"
  tags: cve,cve2020,atlassian,jira,packetstorm
 http:
--- a/http/cves/2020/CVE-2020-14408.yaml
+++ b/http/cves/2020/CVE-2020-14408.yaml
@ -5,6 +5,8 @@ info:
  author: edoardottt
  severity: medium
  description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
  remediation: |
    Upgrade to the latest version of Agentejo Cockpit or apply the vendor-provided patch to fix the XSS vulnerability.
  reference:
    - https://github.com/agentejo/cockpit/issues/1310
    - https://nvd.nist.gov/vuln/detail/CVE-2020-14408
@ -14,11 +16,11 @@ info:
    cve-id: CVE-2020-14408
    cwe-id: CWE-79
    epss-score: 0.00113
    cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:*
    epss-percentile: 0.44064
    cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    max-request: 1
    vendor: agentejo
    product: cockpit
  tags: cve,cve2020,cockpit,agentejo,xss,oss
--- a/http/cves/2020/CVE-2020-14413.yaml
+++ b/http/cves/2020/CVE-2020-14413.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: medium
  description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
  remediation: |
    Upgrade to a patched version of NeDi or apply the vendor-supplied patch to mitigate this vulnerability.
  reference:
    - https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8
    - https://nvd.nist.gov/vuln/detail/CVE-2020-14413
@ -14,8 +16,8 @@ info:
    cve-id: CVE-2020-14413
    cwe-id: CWE-79
    epss-score: 0.00095
    cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:*
    epss-percentile: 0.39345
    cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: nedi
--- a/http/cves/2020/CVE-2020-14750.yaml
+++ b/http/cves/2020/CVE-2020-14750.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update.
  remediation: |
    Apply the latest security patches provided by Oracle to mitigate this vulnerability.
  reference:
    - https://github.com/pprietosanchez/CVE-2020-14750
    - https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
@ -17,14 +19,14 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2020-14750
    epss-score: 0.97553
    cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:*
    epss-percentile: 0.99993
    cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.html:"Weblogic Application Server"
    verified: true
    max-request: 1
    vendor: oracle
    product: fusion_middleware
    shodan-query: http.html:"Weblogic Application Server"
  tags: packetstorm,cve,cve2020,rce,oracle,weblogic,unauth,kev
 http:
--- a/http/cves/2020/CVE-2020-14864.yaml
+++ b/http/cves/2020/CVE-2020-14864.yaml
@ -5,6 +5,8 @@ info:
  author: Ivo Palazzolo (@palaziv)
  severity: high
  description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage."
  remediation: |
    Apply the latest security patches and updates provided by Oracle to fix this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html
    - https://www.oracle.com/security-alerts/cpuoct2020.html
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-14864
    cwe-id: CWE-22
    epss-score: 0.32452
    cpe: cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
    epss-percentile: 0.96445
    cpe: cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
--- a/http/cves/2020/CVE-2020-14882.yaml
+++ b/http/cves/2020/CVE-2020-14882.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: critical
  description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server.
  remediation: |
    Apply the latest security patches provided by Oracle to fix the vulnerability.
  reference:
    - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf
    - https://www.oracle.com/security-alerts/cpuoct2020.html
@ -17,8 +19,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2020-14882
    epss-score: 0.97537
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
    epss-percentile: 0.99988
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: oracle
--- a/http/cves/2020/CVE-2020-14883.yaml
+++ b/http/cves/2020/CVE-2020-14883.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server.
  remediation: |
    Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability.
  reference:
    - https://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883
@ -16,14 +18,14 @@ info:
    cvss-score: 7.2
    cve-id: CVE-2020-14883
    epss-score: 0.97537
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
    epss-percentile: 0.99989
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
-    shodan-query: title:"Oracle PeopleSoft Sign-in"
+    max-request: 1
    vendor: oracle
    product: weblogic_server
    shodan-query: title:"Oracle PeopleSoft Sign-in"
  tags: oracle,rce,weblogic,kev,packetstorm,cve,cve2020
 variables:
  str: "{{randstr}}"
--- a/http/cves/2020/CVE-2020-15050.yaml
+++ b/http/cves/2020/CVE-2020-15050.yaml
@ -5,6 +5,8 @@ info:
  author: gy741
  severity: high
  description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion.
  remediation: |
    Upgrade Suprema BioStar to version 2.8.2 or later to fix the LFI vulnerability.
  reference:
    - http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html
    - https://www.supremainc.com/en/support/biostar-2-pakage.asp
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-15050
    cwe-id: CWE-22
    epss-score: 0.13878
    cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*
    epss-percentile: 0.94934
    cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: supremainc
--- a/http/cves/2020/CVE-2020-15129.yaml
+++ b/http/cves/2020/CVE-2020-15129.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: medium
  description: Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Apply the vendor-provided patch or upgrade to a non-vulnerable version of Traefik.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
    - https://github.com/containous/traefik/releases/tag/v2.2.8
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-15129
    cwe-id: CWE-601
    epss-score: 0.00519
    cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
    epss-percentile: 0.73814
    cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: traefik
--- a/http/cves/2020/CVE-2020-15148.yaml
+++ b/http/cves/2020/CVE-2020-15148.yaml
@ -5,20 +5,20 @@ info:
  author: pikpikcu
  severity: critical
  description: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input.
  remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory.
  reference:
    - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943
    - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md
    - https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99
    - https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj
  remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2020-15148
    cwe-id: CWE-502
    epss-score: 0.02226
    cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*
    epss-percentile: 0.88079
    cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: yiiframework
--- a/http/cves/2020/CVE-2020-15227.yaml
+++ b/http/cves/2020/CVE-2020-15227.yaml
@ -5,6 +5,8 @@ info:
  author: becivells
  severity: critical
  description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework.
  remediation: |
    Apply the latest security patches provided by the Nette Framework to fix the deserialization vulnerability.
  reference:
    - https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
    - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-15227
    cwe-id: CWE-94,CWE-74
    epss-score: 0.97364
    cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:*
    epss-percentile: 0.99844
    cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: nette
--- a/http/cves/2020/CVE-2020-15500.yaml
+++ b/http/cves/2020/CVE-2020-15500.yaml
@ -5,6 +5,8 @@ info:
  author: Akash.C
  severity: medium
  description: TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js  because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page.
  remediation: |
    Upgrade TileServer GL to a version higher than 3.0.0 or apply the vendor-provided patch to fix the XSS vulnerability.
  reference:
    - https://github.com/maptiler/tileserver-gl/issues/461
    - http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-15500
    cwe-id: CWE-79
    epss-score: 0.0021
    cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:*
    epss-percentile: 0.58204
    cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: tileserver
--- a/http/cves/2020/CVE-2020-15505.yaml
+++ b/http/cves/2020/CVE-2020-15505.yaml
@ -9,6 +9,8 @@ info:
  author: dwisiswant0
  severity: critical
  description: A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors.
  remediation: |
    Upgrade MobileIron Core & Connector and Sentry to versions above v10.6 & v9.8 respectively
  reference:
    - https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
    - https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505
@ -21,8 +23,8 @@ info:
    cve-id: CVE-2020-15505
    cwe-id: CWE-706
    epss-score: 0.97504
    cpe: cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*
    epss-percentile: 0.99964
    cpe: cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: mobileiron
--- a/http/cves/2020/CVE-2020-15568.yaml
+++ b/http/cves/2020/CVE-2020-15568.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: critical
  description: TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter.
  remediation: |
    Upgrade TerraMaster TOS to version 1.29 or higher to mitigate this vulnerability.
  reference:
    - https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-15568
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-15568
    cwe-id: CWE-913
    epss-score: 0.96537
    cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
    epss-percentile: 0.99422
    cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: terra-master
--- a/http/cves/2020/CVE-2020-15867.yaml
+++ b/http/cves/2020/CVE-2020-15867.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but not in the UI, it could be considered a "product UI does not warn user of unsafe actions" issue.
  remediation: |
    Upgrade Gogs to a version that is not affected by the vulnerability (0.12.3 or later).
  reference:
    - https://packetstormsecurity.com/files/162123/Gogs-Git-Hooks-Remote-Code-Execution.html
    - https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/
@ -16,11 +18,11 @@ info:
    cvss-score: 7.2
    cve-id: CVE-2020-15867
    epss-score: 0.96465
    cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
    epss-percentile: 0.99385
    cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
  metadata:
    max-request: 7
    verified: true
    max-request: 7
    vendor: gogs
    product: gogs
  tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm,intrusive
--- a/http/cves/2020/CVE-2020-15895.yaml
+++ b/http/cves/2020/CVE-2020-15895.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks.
  remediation: |
    Apply the latest firmware update provided by D-Link to mitigate this vulnerability.
  reference:
    - https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/
    - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169
@ -16,13 +18,13 @@ info:
    cve-id: CVE-2020-15895
    cwe-id: CWE-79
    epss-score: 0.00187
    cpe: cpe:2.3:o:d-link:dir-816l_firmware:2.06:*:*:*:*:*:*:*
    epss-percentile: 0.55288
    cpe: cpe:2.3:o:d-link:dir-816l_firmware:2.06:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: html:"DIR-816L"
    vendor: d-link
    product: dir-816l_firmware
    shodan-query: html:"DIR-816L"
  tags: cve,cve2020,dlink,xss
 http:
--- a/http/cves/2020/CVE-2020-15920.yaml
+++ b/http/cves/2020/CVE-2020-15920.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: critical
  description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required.
  remediation: |
    Upgrade Mida eFramework to a version higher than 2.9.0 to mitigate the vulnerability.
  reference:
    - https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html
    - http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-15920
    cwe-id: CWE-78
    epss-score: 0.97263
    cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:*
    epss-percentile: 0.9977
    cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: midasolutions
--- a/http/cves/2020/CVE-2020-16139.yaml
+++ b/http/cves/2020/CVE-2020-16139.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded.
  remediation: |
    Apply the latest firmware update provided by Cisco to mitigate this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html
    - https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html
@ -15,8 +17,8 @@ info:
    cvss-score: 7.5
    cve-id: CVE-2020-16139
    epss-score: 0.01181
    cpe: cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:*
    epss-percentile: 0.83291
    cpe: cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: cisco
--- a/http/cves/2020/CVE-2020-16846.yaml
+++ b/http/cves/2020/CVE-2020-16846.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.
  remediation: |
    Upgrade to a patched version of SaltStack (>=3003) to mitigate this vulnerability.
  reference:
    - https://saltproject.io/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
    - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag
@ -18,8 +20,8 @@ info:
    cve-id: CVE-2020-16846
    cwe-id: CWE-78
    epss-score: 0.97514
    cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
    epss-percentile: 0.99971
    cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: saltstack
--- a/http/cves/2020/CVE-2020-16952.yaml
+++ b/http/cves/2020/CVE-2020-16952.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: high
  description: Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package.
  remediation: |
    Apply the latest security updates provided by Microsoft to address this vulnerability.
  reference:
    - https://srcincite.io/pocs/cve-2020-16952.py.txt
    - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-16952
    cwe-id: CWE-346
    epss-score: 0.19008
    cpe: cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
    epss-percentile: 0.95588
    cpe: cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: microsoft
--- a/http/cves/2020/CVE-2020-17362.yaml
+++ b/http/cves/2020/CVE-2020-17362.yaml
@ -5,6 +5,8 @@ info:
  author: daffainfo
  severity: medium
  description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.
  remediation: |
    Upgrade to Nova Lite version 1.3.9 or later to mitigate this vulnerability.
  reference:
    - https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17362
@ -15,13 +17,13 @@ info:
    cve-id: CVE-2020-17362
    cwe-id: CWE-79
    epss-score: 0.00101
    cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:*
    epss-percentile: 0.40822
    cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    framework: wordpress
    vendor: themeinprogress
    product: nova_lite
    framework: wordpress
  tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth
 http:
--- a/http/cves/2020/CVE-2020-17453.yaml
+++ b/http/cves/2020/CVE-2020-17453.yaml
@ -5,6 +5,8 @@ info:
  author: madrobot
  severity: medium
  description: WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.
  remediation: |
    Upgrade to a patched version of WSO2 Carbon Management Console (5.11 or above) or apply the provided security patch to mitigate this vulnerability.
  reference:
    - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17453
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-17453
    cwe-id: CWE-79
    epss-score: 0.01736
    cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
    epss-percentile: 0.86329
    cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: wso2
--- a/http/cves/2020/CVE-2020-17456.yaml
+++ b/http/cves/2020/CVE-2020-17456.yaml
@ -5,6 +5,8 @@ info:
  author: gy741,edoardottt
  severity: critical
  description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.
  remediation: |
    Apply the latest firmware update provided by the vendor to mitigate this vulnerability.
  reference:
    - https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17456
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-17456
    cwe-id: CWE-78
    epss-score: 0.97265
    cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:*
    epss-percentile: 0.99771
    cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: seowonintech
--- a/http/cves/2020/CVE-2020-17463.yaml
+++ b/http/cves/2020/CVE-2020-17463.yaml
@ -6,27 +6,27 @@ info:
  severity: critical
  description: |
    FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
  remediation: Fixed in version 115
  reference:
    - https://www.exploit-db.com/exploits/48741
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17463
    - http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html
    - https://getfuelcms.com/
    - https://cwe.mitre.org/data/definitions/89.html
  remediation: Fixed in version 115
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-17463
    cwe-id: CWE-89
    epss-score: 0.8963
    cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
    epss-percentile: 0.98341
    cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    verified: true
-    shodan-query: http.title:"fuel cms"
+    max-request: 3
    vendor: thedaylightstudio
    product: fuel_cms
    shodan-query: http.title:"fuel cms"
  tags: packetstorm,cve,cve2020,sqli,fuel-cms,kev
 http:
--- a/http/cves/2020/CVE-2020-17496.yaml
+++ b/http/cves/2020/CVE-2020-17496.yaml
@ -5,6 +5,8 @@ info:
  author: pussycat0x
  severity: critical
  description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.'
  remediation: |
    Upgrade vBulletin to a version that is not affected by CVE-2020-17496.
  reference:
    - https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17496
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-17496
    cwe-id: CWE-74
    epss-score: 0.97475
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
    epss-percentile: 0.99945
    cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: vbulletin
--- a/http/cves/2020/CVE-2020-17505.yaml
+++ b/http/cves/2020/CVE-2020-17505.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: high
  description: Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
  remediation: |
    Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.
  reference:
    - http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17505
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-17505
    cwe-id: CWE-78
    epss-score: 0.96863
    cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
    epss-percentile: 0.99563
    cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: articatech
--- a/http/cves/2020/CVE-2020-17506.yaml
+++ b/http/cves/2020/CVE-2020-17506.yaml
@ -5,6 +5,8 @@ info:
  author: dwisiswant0
  severity: critical
  description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
  remediation: |
    Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17506
    - http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-17506
    cwe-id: CWE-89
    epss-score: 0.96091
    cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
    epss-percentile: 0.9927
    cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: articatech
--- a/http/cves/2020/CVE-2020-17518.yaml
+++ b/http/cves/2020/CVE-2020-17518.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER.
  remediation: |
    Upgrade Apache Flink to a version that is not affected by the vulnerability (1.5.2 or later).
  reference:
    - https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518
    - https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E
@ -18,8 +20,8 @@ info:
    cve-id: CVE-2020-17518
    cwe-id: CWE-22,CWE-23
    epss-score: 0.97465
    cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
    epss-percentile: 0.99936
    cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: apache
--- a/http/cves/2020/CVE-2020-17519.yaml
+++ b/http/cves/2020/CVE-2020-17519.yaml
@ -5,6 +5,8 @@ info:
  author: pdteam
  severity: high
  description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion).
  remediation: |
    Apply the latest security patches or upgrade to a patched version of Apache Flink to mitigate the vulnerability.
  reference:
    - https://github.com/B1anda0/CVE-2020-17519
    - https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-17519
    cwe-id: CWE-552
    epss-score: 0.97432
    cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
    epss-percentile: 0.99903
    cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
--- a/http/cves/2020/CVE-2020-17526.yaml
+++ b/http/cves/2020/CVE-2020-17526.yaml
@ -6,27 +6,27 @@ info:
  severity: high
  description: |
    Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session.
  remediation: Change default value for [webserver] secret_key config.
  reference:
    - https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise
    - https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E
    - http://www.openwall.com/lists/oss-security/2020/12/21/1
    - https://nvd.nist.gov/vuln/detail/CVE-2020-17526
    - https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E
  remediation: Change default value for [webserver] secret_key config.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 7.7
    cve-id: CVE-2020-17526
    cwe-id: CWE-287
    epss-score: 0.03274
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
    epss-percentile: 0.90012
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    fofa-query: Apache Airflow
    verified: true
    max-request: 2
    vendor: apache
    product: airflow
    fofa-query: Apache Airflow
  tags: cve,cve2020,apache,airflow,auth-bypass
 http:
--- a/http/cves/2020/CVE-2020-17530.yaml
+++ b/http/cves/2020/CVE-2020-17530.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: critical
  description: Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it.
  remediation: |
    Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts.
  reference:
    - http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html
    - http://jvn.jp/en/jp/JVN43969166/index.html
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-17530
    cwe-id: CWE-917
    epss-score: 0.97161
    cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
    epss-percentile: 0.99704
    cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
--- a/http/cves/2020/CVE-2020-18268.yaml
+++ b/http/cves/2020/CVE-2020-18268.yaml
@ -5,6 +5,8 @@ info:
  author: 0x_Akoko
  severity: medium
  description: Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Upgrade Z-Blog to version 1.5.3 or later to fix the open redirect vulnerability.
  reference:
    - https://github.com/zblogcn/zblogphp/issues/216
    - https://github.com/zblogcn/zblogphp/issues/209
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-18268
    cwe-id: CWE-601
    epss-score: 0.00138
    cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:*
    epss-percentile: 0.48623
    cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: zblogcn
--- a/http/cves/2020/CVE-2020-19282.yaml
+++ b/http/cves/2020/CVE-2020-19282.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: medium
  description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
  remediation: |
    Upgrade to the latest version of Jeesns or apply the vendor-provided patch to fix the XSS vulnerability.
  reference:
    - https://github.com/zchuanzhao/jeesns/issues/11
    - https://www.seebug.org/vuldb/ssvid-97940
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-19282
    cwe-id: CWE-79
    epss-score: 0.00135
    cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
    epss-percentile: 0.47974
    cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jeesns
--- a/http/cves/2020/CVE-2020-19283.yaml
+++ b/http/cves/2020/CVE-2020-19283.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: medium
  description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML.
  remediation: |
    Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability.
  reference:
    - https://github.com/zchuanzhao/jeesns/issues/10
    - https://www.seebug.org/vuldb/ssvid-97939
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-19283
    cwe-id: CWE-79
    epss-score: 0.00135
    cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
    epss-percentile: 0.47974
    cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: jeesns
--- a/http/cves/2020/CVE-2020-19295.yaml
+++ b/http/cves/2020/CVE-2020-19295.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: medium
  description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.
  remediation: |
    Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability.
  reference:
    - https://github.com/zchuanzhao/jeesns/issues/21
    - https://www.seebug.org/vuldb/ssvid-97950
@ -15,13 +17,13 @@ info:
    cve-id: CVE-2020-19295
    cwe-id: CWE-79
    epss-score: 0.00116
    cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
    epss-percentile: 0.44609
    cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    fofa-query: title="Jeesns"
    vendor: jeesns
    product: jeesns
    fofa-query: title="Jeesns"
  tags: cve,cve2020,jeesns,xss
 http:
--- a/http/cves/2020/CVE-2020-19360.yaml
+++ b/http/cves/2020/CVE-2020-19360.yaml
@ -5,6 +5,8 @@ info:
  author: 0x_Akoko
  severity: high
  description: FHEM version 6.0 suffers from a local file inclusion vulnerability.
  remediation: |
    Apply the latest patch or upgrade to a version that is not affected by the vulnerability.
  reference:
    - https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability/blob/master/README.md
    - https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-19360
    cwe-id: CWE-22
    epss-score: 0.08829
    cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:*
    epss-percentile: 0.93744
    cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: fhem
--- a/http/cves/2020/CVE-2020-1943.yaml
+++ b/http/cves/2020/CVE-2020-1943.yaml
@ -5,6 +5,8 @@ info:
  author: pdteam
  severity: medium
  description: Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.
  remediation: |
    Upgrade Apache OFBiz to a version higher than 16.11.07 to mitigate this vulnerability.
  reference:
    - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E
    - https://s.apache.org/pr5u8
@ -17,8 +19,8 @@ info:
    cve-id: CVE-2020-1943
    cwe-id: CWE-79
    epss-score: 0.9737
    cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
    epss-percentile: 0.99851
    cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: apache
--- a/http/cves/2020/CVE-2020-19515.yaml
+++ b/http/cves/2020/CVE-2020-19515.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php.
  remediation: |
    To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
  reference:
    - https://topsecalphalab.github.io/CVE/qdPM9.1-Installer-Cross-Site-Scripting
    - http://qdpm.net/download-qdpm-free-project-management
@ -16,14 +18,14 @@ info:
    cve-id: CVE-2020-19515
    cwe-id: CWE-79
    epss-score: 0.00102
    cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:*
    epss-percentile: 0.40864
    cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.favicon.hash:762074255
    verified: true
    max-request: 1
    vendor: qdpm
    product: qdpm
    shodan-query: http.favicon.hash:762074255
  tags: cve,cve2020,xss,qdpm,unauth
 http:
--- a/http/cves/2020/CVE-2020-1956.yaml
+++ b/http/cves/2020/CVE-2020-1956.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.
  remediation: |
    Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor.
  reference:
    - https://www.sonarsource.com/blog/apache-kylin-command-injection-vulnerability/
    - https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706
@ -18,14 +20,14 @@ info:
    cve-id: CVE-2020-1956
    cwe-id: CWE-78
    epss-score: 0.97423
    cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
    epss-percentile: 0.99894
    cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    verified: true
-    shodan-query: http.favicon.hash:-186961397
+    max-request: 2
    vendor: apache
    product: kylin
    shodan-query: http.favicon.hash:-186961397
  tags: cve,cve2020,apache,kylin,rce,oast,kev
 variables:
  username: "{{username}}:"
--- a/http/cves/2020/CVE-2020-19625.yaml
+++ b/http/cves/2020/CVE-2020-19625.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.
  remediation: |
    Apply the latest security patch or upgrade to a non-vulnerable version of Gridx.
  reference:
    - http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf
    - https://github.com/oria/gridx/issues/433
@ -15,8 +17,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2020-19625
    epss-score: 0.88684
    cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:*
    epss-percentile: 0.98276
    cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: gridx_project
--- a/http/cves/2020/CVE-2020-20285.yaml
+++ b/http/cves/2020/CVE-2020-20285.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://github.com/iohex/ZZCMS/blob/master/zzcms2019_login_xss.md
    - https://nvd.nist.gov/vuln/detail/CVE-2020-20285
@ -15,14 +17,14 @@ info:
    cve-id: CVE-2020-20285
    cwe-id: CWE-79
    epss-score: 0.0009
    cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*
    epss-percentile: 0.37386
    cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    fofa-query: zzcms
    verified: true
    max-request: 1
    vendor: zzcms
    product: zzcms
    fofa-query: zzcms
  tags: cve,cve2020,zzcms,xss
 http:
--- a/http/cves/2020/CVE-2020-20300.yaml
+++ b/http/cves/2020/CVE-2020-20300.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: critical
  description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.
  remediation: |
    Upgrade to a patched version of WeiPHP or apply the vendor-supplied patch to fix the SQL Injection vulnerability.
  reference:
    - https://github.com/Y4er/Y4er.com/blob/15f49973707f9d526a059470a074cb6e38a0e1ba/content/post/weiphp-exp-sql.md
    - https://nvd.nist.gov/vuln/detail/CVE-2020-20300
@ -15,14 +17,14 @@ info:
    cve-id: CVE-2020-20300
    cwe-id: CWE-89
    epss-score: 0.218
    cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:*
    epss-percentile: 0.95816
    cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    shodan-query: http.html:"WeiPHP5.0"
    verified: true
    max-request: 1
    vendor: weiphp
    product: weiphp
    shodan-query: http.html:"WeiPHP5.0"
  tags: weiphp,sql
 http:
--- a/http/cves/2020/CVE-2020-2036.yaml
+++ b/http/cves/2020/CVE-2020-2036.yaml
@ -6,6 +6,8 @@ info:
  severity: high
  description: |
    PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9.
  remediation: |
    Apply the latest security patches or updates provided by Palo Alto Networks to mitigate this vulnerability.
  reference:
    - https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/
    - https://security.paloaltonetworks.com/CVE-2020-2036
@ -16,8 +18,8 @@ info:
    cve-id: CVE-2020-2036
    cwe-id: CWE-79
    epss-score: 0.00951
    cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
    epss-percentile: 0.81231
    cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
  metadata:
    max-request: 3
    vendor: paloaltonetworks
@ -29,11 +31,9 @@ http:
      - |
        GET /_404_/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1
        Host: {{Hostname}}
--- a/http/cves/2020/CVE-2020-2096.yaml
+++ b/http/cves/2020/CVE-2020-2096.yaml
@ -5,6 +5,8 @@ info:
  author: madrobot
  severity: medium
  description: Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability.
  remediation: |
    Upgrade to the latest version of Jenkins Gitlab Hook plugin (>=1.4.3) to mitigate this vulnerability.
  reference:
    - https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683
    - http://www.openwall.com/lists/oss-security/2020/01/15/1
@ -16,14 +18,14 @@ info:
    cve-id: CVE-2020-2096
    cwe-id: CWE-79
    epss-score: 0.96767
    cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:jenkins:*:*
    epss-percentile: 0.9952
    cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:jenkins:*:*
  metadata:
    max-request: 1
    shodan-query: http.title:"GitLab"
    framework: jenkins
    vendor: jenkins
    product: gitlab_hook
    framework: jenkins
    shodan-query: http.title:"GitLab"
  tags: jenkins,xss,gitlab,plugin,packetstorm,cve,cve2020
 http:
--- a/http/cves/2020/CVE-2020-20982.yaml
+++ b/http/cves/2020/CVE-2020-20982.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu,ritikchaddha
  severity: critical
  description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://github.com/shadoweb/wdja/issues/1
    - https://nvd.nist.gov/vuln/detail/CVE-2020-20982
@ -14,11 +16,11 @@ info:
    cve-id: CVE-2020-20982
    cwe-id: CWE-79
    epss-score: 0.01894
    cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:*
    epss-percentile: 0.87011
    cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    max-request: 1
    vendor: wdja
    product: wdja_cms
  tags: cve,cve2020,xss,wdja,shadoweb
--- a/http/cves/2020/CVE-2020-20988.yaml
+++ b/http/cves/2020/CVE-2020-20988.yaml
@ -6,6 +6,8 @@ info:
  severity: medium
  description: |
    DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter.
  remediation: |
    Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability.
  reference:
    - https://mycvee.blogspot.com/p/xss2.html
    - https://nvd.nist.gov/vuln/detail/CVE-2020-20988
@ -15,11 +17,11 @@ info:
    cve-id: CVE-2020-20988
    cwe-id: CWE-79
    epss-score: 0.0009
    cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:*
    epss-percentile: 0.37386
    cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    verified: true
    max-request: 2
    vendor: domainmod
    product: domainmod
  tags: cve,cve2020,domainmod,xss,authenticated
--- a/http/cves/2020/CVE-2020-21012.yaml
+++ b/http/cves/2020/CVE-2020-21012.yaml
@ -6,6 +6,8 @@ info:
  severity: critical
  description: |
    Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Hotel and Lodge Management System 2.0.
  reference:
    - https://github.com/hitIer/web_test/tree/master/hotel
    - https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html
@ -16,11 +18,11 @@ info:
    cve-id: CVE-2020-21012
    cwe-id: CWE-89
    epss-score: 0.07545
    cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:*
    epss-percentile: 0.93277
    cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    verified: true
    max-request: 1
    vendor: hotel_and_lodge_booking_management_system_project
    product: hotel_and_lodge_booking_management_system
  tags: cve,cve2020,hotel,sqli,unauth
--- a/http/cves/2020/CVE-2020-2103.yaml
+++ b/http/cves/2020/CVE-2020-2103.yaml
@ -5,6 +5,8 @@ info:
  author: c-sh0
  severity: medium
  description: Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.
  remediation: |
    Upgrade Jenkins to a version higher than 2.218 to mitigate the vulnerability.
  reference:
    - https://www.jenkins.io/security/advisory/2020-01-29/#SECURITY-1695
    - https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695
@ -17,13 +19,13 @@ info:
    cve-id: CVE-2020-2103
    cwe-id: CWE-200
    epss-score: 0.00534
    cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
    epss-percentile: 0.74191
    cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
  metadata:
    max-request: 2
    shodan-query: http.favicon.hash:81586312
    vendor: jenkins
    product: jenkins
    shodan-query: http.favicon.hash:81586312
  tags: cve,cve2020,jenkins
 http:
--- a/http/cves/2020/CVE-2020-21224.yaml
+++ b/http/cves/2020/CVE-2020-21224.yaml
@ -5,6 +5,8 @@ info:
  author: pikpikcu
  severity: critical
  description: Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server.
  remediation: |
    Apply the latest security patches or updates provided by Inspur to mitigate this vulnerability.
  reference:
    - https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul
    - https://nvd.nist.gov/vuln/detail/CVE-2020-21224
@ -15,8 +17,8 @@ info:
    cve-id: CVE-2020-21224
    cwe-id: CWE-88
    epss-score: 0.03105
    cpe: cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:*
    epss-percentile: 0.89779
    cpe: cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: inspur
--- a/http/cves/2020/CVE-2020-2140.yaml
+++ b/http/cves/2020/CVE-2020-2140.yaml
@ -5,6 +5,8 @@ info:
  author: j3ssie/geraldino2
  severity: medium
  description: Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability.
  remediation: |
    Upgrade to the latest version of Jenkin Audit Trail (>=3.3) which includes a fix for this vulnerability.
  reference:
    - https://www.jenkins.io/security/advisory/2020-03-09/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-2140
@ -16,13 +18,13 @@ info:
    cve-id: CVE-2020-2140
    cwe-id: CWE-79
    epss-score: 0.00181
    cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:*
    epss-percentile: 0.54659
    cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:*
  metadata:
    max-request: 2
    framework: jenkins
    vendor: jenkins
    product: audit_trail
    framework: jenkins
  tags: cve,cve2020,jenkins,xss,plugin
 http:
--- a/Show More
+++ b/Show More