Auto Generated CVE annotations [Fri Sep 2 05:59:48 UTC 2022] 🤖

patch-1
GitHub Action 2022-09-02 05:59:48 +00:00
parent 5adfed8e6c
commit 7eaea4116b
4 changed files with 39 additions and 34 deletions

View File

@ -10,11 +10,11 @@ info:
- https://www.cvedetails.com/cve/CVE-2015-4074
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4074
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2015-4074
cwe-id: CWE-22
tags: cve,cve2015,joomla,plugin,lfi
tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin
requests:
- method: GET

View File

@ -8,6 +8,7 @@ info:
reference:
- https://www.cvedetails.com/cve/CVE-2016-6601
- https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
- https://www.exploit-db.com/exploits/40229/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5

View File

@ -1,21 +1,23 @@
id: CVE-2022-29006
info:
name: Directory Management System 1.0 - SQLi Authentication Bypass
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
reference:
- https://www.exploit-db.com/exploits/50370
- https://phpgurukul.com/directory-management-system-using-php-and-mysql/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29006
classification:
cve-id: CVE-2022-29006
metadata:
verified: true
tags: cve,cve2022,sqli,auth-bypass
info:
name: Directory Management System 1.0 - SQLi Authentication Bypass
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.
reference:
- https://www.exploit-db.com/exploits/50370
- https://phpgurukul.com/directory-management-system-using-php-and-mysql/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29006
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-29006
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve,cve2022,sqli,auth-bypass,edb
requests:
- raw:
- |

View File

@ -1,21 +1,23 @@
id: CVE-2022-29009
info:
name: Cyber Cafe Management System Project v1.0 - SQLi Authentication Bypass
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
reference:
- https://www.exploit-db.com/exploits/50355
- https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29009
classification:
cve-id: CVE-2022-29009
metadata:
verified: true
tags: cve,cve2022,sqli,auth-bypass
info:
name: Cyber Cafe Management System Project v1.0 - SQLi Authentication Bypass
author: TenBird
severity: critical
description: |
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.
reference:
- https://www.exploit-db.com/exploits/50355
- https://phpgurukul.com/cyber-cafe-management-system-using-php-mysql/
- https://nvd.nist.gov/vuln/detail/CVE-2022-29009
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2022-29009
cwe-id: CWE-89
metadata:
verified: "true"
tags: cve2022,sqli,auth-bypass,edb,cve
requests:
- raw:
- |