Dashboard Content Enhancements (#3961)
* Enhancement: default-logins/viewpoint/trilithic-viewpoint-login.yaml by mp * Enhancement: default-logins/visionhub/visionhub-default-login.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/wifisky/wifisky-default-login.yaml by mp * Enhancement: default-logins/wso2/wso2-default-login.yaml by mp * Enhancement: default-logins/xerox/xerox7-default-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: default-logins/zabbix/zabbix-default-login.yaml by mp * Enhancement: default-logins/zmanda/zmanda-default-login.yaml by mp * Enhancement: dns/azure-takeover-detection.yaml by mp * Enhancement: dns/cname-fingerprint.yaml by mp * Enhancement: dns/cname-service-detection.yaml by mp * Enhancement: dns/detect-dangling-cname.yaml by mp * Enhancement: dns/dns-waf-detect.yaml by mp * Enhancement: default-logins/weblogic/weblogic-weak-login.yaml by mp * Enhancement: default-logins/xxljob/xxljob-default-login.yaml by mp * Enhancement: dns/dnssec-detection.yaml by mp * Enhancement: dns/ec2-detection.yaml by mp * Add CVSS/CWE * Trailing space * Linting error on comment indentation * Typo * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: cves/2020/CVE-2020-23517.yaml by mp * Enhancement: dns/elasticbeantalk-takeover.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/nameserver-fingerprint.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: dns/txt-fingerprint.yaml by mp * Enhancement: dns/worksites-detection.yaml by mp * Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp * Enhancement: exposed-panels/acemanager-login.yaml by mp * Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp * Enhancement: dns/mx-fingerprint.yaml by mp * Enhancement: dns/mx-service-detector.yaml by mp * Enhancement: dns/ptr-fingerprint.yaml by mp * Enhancement: dns/servfail-refused-hosts.yaml by mp * Enhancement: dns/spoofable-spf-records-ptr.yaml by mp * Enhancement: cves/2021/CVE-2021-39501.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: cves/2021/CVE-2021-40856.yaml by mp * Enhancement: cves/2021/CVE-2021-40859.yaml by mp * Enhancement: cves/2021/CVE-2021-40323.yaml by mp * Enhancement: cves/2021/CVE-2021-40539.yaml by mp * Enhancement: cves/2010/CVE-2010-1875.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/akamai-cloudtest.yaml by mp * Enhancement: exposed-panels/alfresco-detect.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: exposed-panels/amcrest-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: exposed-panels/alienvault-usm.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/ambari-exposure.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp * Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp * Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp * Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp * Enhancement: exposed-panels/ampps-panel.yaml by mp * Enhancement: exposed-panels/ampps-admin-panel.yaml by mp * Enhancement: exposed-panels/ametys-admin-login.yaml by mp * Enhancement: cves/2010/CVE-2010-1878.yaml by mp * Fix encoded chars * trailing space * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp * Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: misconfiguration/horde-unauthenticated.yaml by mp * Enhancement: cves/2021/CVE-2021-40542.yaml by mp * Enhancement: exposed-panels/apiman-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1873.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp * Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp * Enhancement: exposed-panels/argocd-login.yaml by mp * Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp * Enhancement: exposed-panels/atvise-login.yaml by mp * Enhancement: exposed-panels/avantfax-panel.yaml by mp * Enhancement: exposed-panels/avatier-password-management.yaml by mp * Enhancement: exposed-panels/axigen-webadmin.yaml by mp * Enhancement: exposed-panels/axigen-webmail.yaml by mp * Enhancement: exposed-panels/azkaban-web-client.yaml by mp * Enhancement: exposed-panels/acunetix-panel.yaml by mp * Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp * Enhancement: exposed-panels/adminer-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1870.yaml by mp * Enhancement: exposed-panels/adminset-panel.yaml by mp * Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp * Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp * Enhancement: exposed-panels/advance-setup.yaml by mp * Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp * Enhancement: exposed-panels/aims-password-portal.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * Enhancement: exposed-panels/airflow-panel.yaml by mp * spacing issues * Spacing * HTML codes improperly interpreted Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml * Enhancement: technologies/waf-detect.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp * Enhancement: network/sap-router-info-leak.yaml by mp * Enhancement: network/exposed-adb.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp * Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp * Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp * Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp * indentation issue * Character encoding issue fix * Enhancement: default-logins/alibaba/canal-default-login.yaml by mp * Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Enhancement: default-logins/apache/airflow-default-login.yaml by mp * Enhancement: default-logins/apache/apisix-default-login.yaml by mp * Enhancement: default-logins/apollo/apollo-default-login.yaml by mp * Enhancement: default-logins/arl/arl-default-login.yaml by mp * Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp * Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp * Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp * Enhancement: dns/caa-fingerprint.yaml by mp * Enhancement: exposed-panels/active-admin-exposure.yaml by mp * Enhancement: exposed-panels/activemq-panel.yaml by mp * Enhancement: default-logins/ambari/ambari-default-login.yaml by mp * Restore & stomped by dashboard * Enhancement: cves/2010/CVE-2010-1653.yaml by mp * Enhancement: cves/2021/CVE-2021-38751.yaml by mp * Enhancement: cves/2021/CVE-2021-39320.yaml by mp * Enhancement: cves/2021/CVE-2021-39322.yaml by mp * Enhancement: cves/2021/CVE-2021-39327.yaml by mp * Enhancement: cves/2021/CVE-2021-39350.yaml by mp * Enhancement: cves/2021/CVE-2021-39433.yaml by mp * Enhancement: cves/2021/CVE-2021-41192.yaml by mp * Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp * Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp * Enhancement: exposed-panels/aviatrix-panel.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Enhancement: exposed-panels/blue-iris-login.yaml by mp * Enhancement: exposed-panels/bigbluebutton-login.yaml by mp * Enhancement: cves/2022/CVE-2022-24288.yaml by mp * Enhancement: cves/2022/CVE-2022-24990.yaml by mp * Enhancement: cves/2022/CVE-2022-26159.yaml by mp * Enhancement: default-logins/aem/aem-default-login.yaml by mp * Spacing issues Add cve-id field * fix & stomping * Enhancement: cves/2016/CVE-2016-1000141.yaml by mp * Enhancement: cves/2020/CVE-2020-24912.yaml by mp * Enhancement: cves/2021/CVE-2021-35265.yaml by mp * Enhancement: cves/2022/CVE-2022-0437.yaml by mp * Enhancement: cves/2010/CVE-2010-1601.yaml by mp * Enhancement: technologies/teradici-pcoip.yaml by mp * Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp * Enhancement: cves/2010/CVE-2010-1475.yaml by mp * Enhancement: cves/2010/CVE-2010-1535.yaml by mp * Enhancement: exposed-panels/epson-web-control-detect.yaml by mp * Enhancement: exposed-panels/epson-access-detect.yaml by mp * Enhancement: cves/2020/CVE-2020-29453.yaml by mp * Fix spacing Co-authored-by: sullo <sullo@cirt.net>patch-1
parent
845093dcf7
commit
814d07fb7d
|
@ -3,11 +3,18 @@ id: CNVD-2021-15824
|
|||
info:
|
||||
name: EmpireCMS DOM Cross Site-Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
severity: high
|
||||
description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/empirecms/
|
||||
- https://www.bilibili.com/read/cv10441910
|
||||
- https://vul.wangan.com/a/CNVD-2021-15824
|
||||
tags: empirecms,cnvd,cnvd2021,xss,domxss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cve-id:
|
||||
cwe-id: CWE-79
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -26,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -5,13 +5,12 @@ info:
|
|||
author: daffainfo
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
remediation: Upgrade to a supported version.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12147
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1475
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
classification:
|
||||
cve-id: CVE-2010-1475
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -25,4 +24,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
id: CVE-2010-1535
|
||||
|
||||
info:
|
||||
name: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
remediation: Upgrade to a supported version.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12151
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1535
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
classification:
|
||||
cve-id: CVE-2010-1535
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -23,4 +24,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/12236
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1601
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
classification:
|
||||
cve-id: CVE-2010-1601
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -25,4 +25,4 @@ requests:
|
|||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/06
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -1,16 +1,17 @@
|
|||
id: CVE-2010-1653
|
||||
|
||||
info:
|
||||
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
remediation: Upgrade to a supported version.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12430
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1653
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
classification:
|
||||
cve-id: CVE-2010-1653
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
|
@ -23,4 +24,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -9,6 +9,8 @@ info:
|
|||
- https://www.exploit-db.com/exploits/36619
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-2166
|
||||
tags: cve,cve2015,lfi,ericsson
|
||||
classification:
|
||||
cve-id: CVE-2015-2166
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
|
@ -1,11 +1,14 @@
|
|||
id: CVE-2016-1000141
|
||||
|
||||
info:
|
||||
name: Page Layout builder v1.9.3 - Reflected Cross-Site Scripting (XSS)
|
||||
name: WordPress Page Layout builder v1.9.3 - Reflected Cross-Site Scripting
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Reflected XSS in wordpress plugin page-layout-builder v1.9.3
|
||||
reference: https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
|
||||
description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability.
|
||||
remediation: Upgrade to version 2.0 or higher.
|
||||
reference:
|
||||
- http://www.vapidlabs.com/wp/wp_advisory.php?v=358
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-1000141
|
||||
tags: cve,cve2016,wordpress,xss,wp-plugin
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
|
@ -33,3 +36,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -4,17 +4,18 @@ info:
|
|||
name: QCube Cross-Site-Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
|
||||
description: A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
|
||||
reference:
|
||||
- https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03
|
||||
- https://github.com/qcubed/qcubed/pull/1320/files
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-24912
|
||||
- http://seclists.org/fulldisclosure/2021/Mar/30
|
||||
tags: cve,cve2020,qcubed,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2020-24912
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2020,qcubed,xss
|
||||
|
||||
requests:
|
||||
- method: POST
|
||||
|
@ -38,3 +39,5 @@ requests:
|
|||
words:
|
||||
- 'Content-Type: text/html'
|
||||
part: header
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -1,17 +1,19 @@
|
|||
id: CVE-2020-29453
|
||||
|
||||
info:
|
||||
name: Pre-Auth Limited Arbitrary File Read in Jira Server
|
||||
name: Jira Server Pre-Auth Limited Arbitrary File Read
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check.
|
||||
reference: https://jira.atlassian.com/browse/JRASERVER-72014
|
||||
tags: cve,cve2020,atlassian,jira,lfi
|
||||
reference:
|
||||
- https://jira.atlassian.com/browse/JRASERVER-72014
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-29453
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.30
|
||||
cve-id: CVE-2020-29453
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2020,atlassian,jira,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -29,3 +31,5 @@ requests:
|
|||
words:
|
||||
- '<groupId>com.atlassian.jira</groupId>'
|
||||
part: body
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -4,16 +4,16 @@ info:
|
|||
name: MaxSite CMS XSS
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
|
||||
description: A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page."
|
||||
reference:
|
||||
- https://github.com/maxsite/cms/issues/414#issue-726249183
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-35265
|
||||
tags: cve,cve2021,maxsite,xss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2021-35265
|
||||
cwe-id: CWE-79
|
||||
tags: cve,cve2021,maxsite,xss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -4,12 +4,9 @@ info:
|
|||
name: ExponentCMS <= 2.6 Host Header Injection
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
A HTTP Host header attack exists in ExponentCMS 2.6
|
||||
and below in /exponent_constants.php. A modified HTTP
|
||||
header can change links on the webpage to an arbitrary value,
|
||||
leading to a possible attack vector for MITM.
|
||||
description: "An HTTP Host header attack exists in ExponentCMS 2.6 and below in /exponent_constants.php. A modified HTTP header can change links on the webpage to an arbitrary value,leading to a possible attack vector for MITM."
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-38751
|
||||
- https://github.com/exponentcms/exponent-cms/issues/1544
|
||||
- https://github.com/exponentcms/exponent-cms/blob/a9fa9358c5e8dc2ce7ad61d7d5bea38505b8515c/exponent_constants.php#L56-L64
|
||||
tags: cve,cve2021,exponentcms
|
||||
|
@ -40,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-39320
|
||||
|
||||
info:
|
||||
name: underConstruction < 1.19 - Reflected Cross-Site Scripting
|
||||
name: WordPress underConstruction Plugin< 1.19 - Reflected Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
|
||||
description: "The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path."
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/49ae1df0-d6d2-4cbb-9a9d-bf3599429875
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-39320
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-39322
|
||||
|
||||
info:
|
||||
name: Easy Social Icons < 3.0.9 - Reflected Cross-Site Scripting
|
||||
name: WordPress Easy Social Icons Plugin < 3.0.9 - Reflected Cross-Site Scripting
|
||||
author: dhiyaneshDK
|
||||
severity: medium
|
||||
description: The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
|
||||
description: "The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected cross-site scripting attack by injecting malicious code in the request path."
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/5e0bf0b6-9809-426b-b1d4-1fb653083b58
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-39322
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -4,7 +4,7 @@ info:
|
|||
name: WordPress BulletProof Security 5.1 Information Disclosure
|
||||
author: geeknik
|
||||
severity: medium
|
||||
description: The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1.
|
||||
description: "The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up to, and including, 5.1."
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/164420/wpbulletproofsecurity51-disclose.txt
|
||||
- https://www.wordfence.com/vulnerability-advisories/#CVE-2021-39327
|
||||
|
@ -39,3 +39,5 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- 'text/plain'
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-39350
|
||||
|
||||
info:
|
||||
name: FV Flowplayer Video Player WordPress plugin - Authenticated Reflected XSS
|
||||
name: FV Flowplayer Video Player WordPress plugin - Authenticated Reflected Cross-Site Scripting
|
||||
author: gy741
|
||||
severity: medium
|
||||
description: The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts, in versions 7.5.0.727 - 7.5.2.727.
|
||||
description: "The FV Flowplayer Video Player WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the player_id parameter found in the ~/view/stats.php file which allows attackers to inject arbitrary web scripts in versions 7.5.0.727 - 7.5.2.727."
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/e9adc166-be7f-4066-a2c1-7926c6304fc9
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-39350
|
||||
|
@ -46,3 +46,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-39433
|
||||
|
||||
info:
|
||||
name: BIQS IT Biqs-drive v1.83 LFI
|
||||
name: BIQS IT Biqs-drive v1.83 Local File Inclusion
|
||||
author: Veshraj
|
||||
severity: high
|
||||
description: A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.
|
||||
description: "A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user."
|
||||
reference:
|
||||
- https://github.com/PinkDraconian/CVE-2021-39433/blob/main/README.md
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39433
|
||||
|
@ -28,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2021-41192
|
||||
|
||||
info:
|
||||
name: Redash Setup Configuration - Default secrets
|
||||
name: Redash Setup Configuration - Default Secrets Disclosure
|
||||
author: bananabr
|
||||
severity: medium
|
||||
description: If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value.
|
||||
description: "Redash Setup Configuration is vulnerable to default secrets disclosure (Insecure Default Initialization of Resource). If an admin sets up Redash versions <=10.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all installations. In such cases, the instance is vulnerable to attackers being able to forge sessions using the known default value."
|
||||
reference:
|
||||
- https://hackerone.com/reports/1380121
|
||||
- https://github.com/getredash/redash/security/advisories/GHSA-g8xr-f424-h2rv
|
||||
|
@ -37,3 +37,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,22 +1,22 @@
|
|||
id: CVE-2022-0437
|
||||
|
||||
info:
|
||||
name: Cross-site Scripting (XSS) - DOM in karma-runner
|
||||
name: karma-runner DOM-based Cross-Site Scripting
|
||||
author: pikpikcu
|
||||
severity: medium
|
||||
description: Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14.
|
||||
description: NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.
|
||||
reference:
|
||||
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
|
||||
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-0437
|
||||
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
|
||||
- https://github.com/karma-runner/karma
|
||||
tags: cve,cve2022,karma,xss,oss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.10
|
||||
cve-id: CVE-2022-0437
|
||||
cwe-id: CWE-79
|
||||
reference:
|
||||
- https://huntr.dev/bounties/64b67ea1-5487-4382-a5f6-e8a95f798885
|
||||
- https://github.com/karma-runner/karma/commit/839578c45a8ac42fbc1d72105f97eab77dd3eb8a
|
||||
tags: cve,cve2022,karma,xss,oss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -47,3 +47,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'to_string(version) <= "6.3.13"'
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
id: CVE-2022-24288
|
||||
|
||||
info:
|
||||
name: Apache Airflow CVE-2022-24288 OS Command Injection
|
||||
name: Apache Airflow OS Command Injection
|
||||
author: xeldax
|
||||
severity: critical
|
||||
description: In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.
|
||||
reference: https://github.com/advisories/GHSA-3v7g-4pg3-7r6j
|
||||
description: Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-3v7g-4pg3-7r6j
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24288
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
@ -26,3 +28,5 @@ requests:
|
|||
- type: word
|
||||
words:
|
||||
- 'foo was passed in via Airflow CLI Test command with value {{ params.foo }}' # Works with unauthenticated airflow instance
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,16 +1,18 @@
|
|||
id: CVE-2022-24990
|
||||
|
||||
info:
|
||||
name: TerraMaster TOS < 4.2.30 - Server Information Disclosure
|
||||
name: TerraMaster TOS < 4.2.30 Server Information Disclosure
|
||||
author: dwisiswant0
|
||||
severity: medium
|
||||
description: |
|
||||
TerraMaster NAS devices running TOS prior to version
|
||||
4.2.30 is vulnerable to information disclosure
|
||||
reference: https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
|
||||
description: "TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure."
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-23990
|
||||
- https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
|
||||
metadata:
|
||||
shodan-query: TerraMaster
|
||||
tags: cve,cve2022,terramaster,exposure
|
||||
classification:
|
||||
cve-id: CVE-2022-24990
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -39,3 +41,5 @@ requests:
|
|||
- "(ADDR|(IFC|PWD|[DS]AT)):"
|
||||
- "\"((firmware|(version|ma(sk|c)|port|url|ip))|hostname)\":" # cherry pick
|
||||
condition: or
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
id: CVE-2022-26159
|
||||
|
||||
info:
|
||||
name: Ametys CMS - Unauthenticated information disclosure
|
||||
name: Ametys CMS Information Disclosure
|
||||
author: Remi Gascou (podalirius)
|
||||
severity: medium
|
||||
description: The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.
|
||||
description: "Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords."
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-26159
|
||||
- https://podalirius.net/en/cves/2022-26159/
|
||||
|
@ -35,3 +35,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -3,8 +3,16 @@ id: aem-default-login
|
|||
info:
|
||||
name: Adobe AEM Default Login
|
||||
author: random-robbie
|
||||
severity: critical
|
||||
severity: high
|
||||
description: Adobe AEM default login credentials were discovered.
|
||||
reference:
|
||||
- https://experienceleague.adobe.com/docs/experience-manager-64/administering/security/security-checklist.html?lang=en
|
||||
tags: aem,default-login,adobe
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
|
@ -44,3 +52,5 @@ requests:
|
|||
words:
|
||||
- login-token
|
||||
- crx.default
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -3,6 +3,7 @@ id: ansible-semaphore-panel
|
|||
info:
|
||||
name: Ansible Semaphore Panel Detect
|
||||
author: Yuzhe-zhang-0
|
||||
description: An Ansible Semaphore login panel was detected.
|
||||
severity: info
|
||||
reference:
|
||||
- https://ansible-semaphore.com/
|
||||
|
@ -10,6 +11,11 @@ info:
|
|||
metadata:
|
||||
shodan-query: http.html:"Semaphore</title>"
|
||||
tags: panel,ansible,semaphore,cicd,oss
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -25,3 +31,5 @@ requests:
|
|||
- type: regex
|
||||
regex:
|
||||
- '<title(.*)>Semaphore</title>'
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,12 +1,20 @@
|
|||
id: aviatrix-panel
|
||||
|
||||
info:
|
||||
name: Aviatrix Panel Login
|
||||
name: Aviatrix Cloud Controller Panel Login
|
||||
author: pikpikcu,philippedelteil,daffainfo
|
||||
severity: info
|
||||
description: An Aviatrix Cloud Controller login panel was detected.
|
||||
reference:
|
||||
- https://docs.aviatrix.com/HowTos/controller_config.html
|
||||
metadata:
|
||||
shodan-query: http.title:"Aviatrix Cloud Controller"
|
||||
tags: panel,aviatrix
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -29,3 +37,5 @@ requests:
|
|||
name: "favicon"
|
||||
dsl:
|
||||
- "status_code==200 && (\"7c1c26856345cd7edbf250ead0dc9332\" == md5(body))"
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -3,9 +3,16 @@ id: bigbluebutton-login
|
|||
info:
|
||||
name: BigBlueButton Login Panel
|
||||
author: myztique
|
||||
description: A BigBlueButton login panel was detected.
|
||||
severity: info
|
||||
reference: https://github.com/bigbluebutton/greenlight
|
||||
reference:
|
||||
- https://github.com/bigbluebutton/greenlight
|
||||
tags: panel,bigbluebutton
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -26,3 +33,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'Greenlight<\/a>\. (.*)'
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -4,8 +4,16 @@ info:
|
|||
name: Blue Iris Login
|
||||
author: dhiyaneshDK
|
||||
severity: info
|
||||
reference: https://www.exploit-db.com/ghdb/6814
|
||||
tags: panel
|
||||
description: A Blue Iris login panel was detected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/ghdb/6814
|
||||
- https://blueirissoftware.com/
|
||||
tags: panel,blue-iris
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
@ -20,3 +28,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
id: epson-access-detect
|
||||
|
||||
info:
|
||||
name: Epson Printer Unauthorized Access Detect
|
||||
name: Epson Device Unauthorized Access Detect
|
||||
author: pussycat0x
|
||||
severity: medium
|
||||
description: A publicly available Epson device panel (printer, scanner, etc.) was detected.
|
||||
reference: https://www.exploit-db.com/ghdb/6922
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.8
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: iot,printer,panel,unauth,epson
|
||||
|
||||
requests:
|
||||
|
@ -30,3 +36,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- "<title>([A-Z-0-9]+) Series</title>"
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -1,9 +1,16 @@
|
|||
id: epson-web-control-detect
|
||||
|
||||
info:
|
||||
name: Epson Printer
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
description: An Epson printer web panel was discovered.
|
||||
reference: https://www.exploit-db.com/ghdb/6873
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
tags: iot,printer,panel,unauth,epson
|
||||
|
||||
requests:
|
||||
|
@ -23,3 +30,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -4,6 +4,14 @@ info:
|
|||
name: Teradici PCoIP Detection
|
||||
author: pdteam
|
||||
severity: info
|
||||
description: Teradici PColP was detected.
|
||||
reference:
|
||||
- https://www.teradici.com/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cve-id:
|
||||
cwe-id: CWE-200
|
||||
tags: tech,pcoip
|
||||
|
||||
requests:
|
||||
|
@ -21,3 +29,5 @@ requests:
|
|||
group: 1
|
||||
regex:
|
||||
- 'PCoIP Connection Manager\/([0-9.]+)\.'
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
@ -1,10 +1,18 @@
|
|||
id: unauth-hoteldruid-panel
|
||||
|
||||
info:
|
||||
name: Unauthenticated Hoteldruid Panel
|
||||
name: Hoteldruid Management Panel Access
|
||||
author: princechaddha
|
||||
severity: high
|
||||
description: A vulnerability in Hoteldruid Panel allows remote unauthenticated users access to the management portal without authentication.
|
||||
reference: https://www.hoteldruid.com/
|
||||
reference:
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub/blob/master/2021/CVE-2021-42949.json
|
||||
- https://www.hoteldruid.com/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cve-id:
|
||||
cwe-id: CWE-522
|
||||
tags: hoteldruid,panel,unauth
|
||||
|
||||
requests:
|
||||
|
@ -26,3 +34,5 @@ requests:
|
|||
- "<b>INSERT:</b>"
|
||||
- "<b>TABLES:</b>"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
Loading…
Reference in New Issue