Auto Generated CVE annotations [Fri Sep 2 05:59:48 UTC 2022] 🤖

cves/2015/CVE-2015-4074.yaml

@@ -10,11 +10,11 @@ info:
     - https://www.cvedetails.com/cve/CVE-2015-4074
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2015-4074
     cwe-id: CWE-22
-  tags: cve,cve2015,joomla,plugin,lfi
+  tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
 
 requests:
   - method: GET

cves/2016/CVE-2016-6601.yaml

@@ -8,6 +8,7 @@ info:
   reference:
     - https://www.cvedetails.com/cve/CVE-2016-6601
     - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
+    - https://www.exploit-db.com/exploits/40229/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5

cves/2022/CVE-2022-29006.yaml

@@ -1,21 +1,23 @@
 id: CVE-2022-29006
 
-info:
-  name: Directory Management System  1.0 - SQLi Authentication Bypass
-  author: TenBird
-  severity: critical
-  description: |
-    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
-  reference:
-    - https://www.exploit-db.com/exploits/50370
-    - https://phpgurukul.com/directory-management-system-using-php-and-mysql/
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-29006
-  classification:
-    cve-id: CVE-2022-29006
-  metadata:
-    verified: true
-  tags: cve,cve2022,sqli,auth-bypass
-
+info:
+  name: Directory Management System  1.0 - SQLi Authentication Bypass
+  author: TenBird
+  severity: critical
+  description: |
+    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
+  reference:
+    - https://www.exploit-db.com/exploits/50370
+    - https://phpgurukul.com/directory-management-system-using-php-and-mysql/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-29006
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-29006
+    cwe-id: CWE-89
+  metadata:
+    verified: "true"
+  tags: cve,cve2022,sqli,auth-bypass,edb
 requests:
   - raw:
       - |

cves/2022/CVE-2022-29009.yaml

@@ -1,21 +1,23 @@
 id: CVE-2022-29009
 
-info:
-  name: Cyber Cafe Management System Project v1.0 - SQLi Authentication Bypass
-  author: TenBird
-  severity: critical
-  description: |
-    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
-  reference:
-    - https://www.exploit-db.com/exploits/50355
-    - https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
-    - https://nvd.nist.gov/vuln/detail/CVE-2022-29009
-  classification:
-    cve-id: CVE-2022-29009
-  metadata:
-    verified: true
-  tags: cve,cve2022,sqli,auth-bypass
-
+info:
+  name: Cyber Cafe Management System Project v1.0 - SQLi Authentication Bypass
+  author: TenBird
+  severity: critical
+  description: |
+    Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
+  reference:
+    - https://www.exploit-db.com/exploits/50355
+    - https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-29009
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-29009
+    cwe-id: CWE-89
+  metadata:
+    verified: "true"
+  tags: cve2022,sqli,auth-bypass,edb,cve
 requests:
   - raw:
       - |