Auto Generated CVE annotations [Fri Mar 17 17:31:47 UTC 2023] 🤖
parent
663c30267a
commit
a516fabc3b
|
@ -12,10 +12,10 @@ info:
|
||||||
- http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html
|
- http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html
|
||||||
- https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755
|
- https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2015-2755
|
|
||||||
cwe-id: CWE-79
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
|
cve-id: CVE-2015-2755
|
||||||
|
cwe-id: CWE-79
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: "true"
|
||||||
tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve
|
tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve
|
||||||
|
|
|
@ -13,9 +13,9 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-4063
|
- https://nvd.nist.gov/vuln/detail/CVE-2015-4063
|
||||||
remediation: Update to plugin version 0.9.9 or latest.
|
remediation: Update to plugin version 0.9.9 or latest.
|
||||||
classification:
|
classification:
|
||||||
cve-id: CVE-2015-4063
|
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
||||||
cvss-score: 5.4
|
cvss-score: 5.4
|
||||||
|
cve-id: CVE-2015-4063
|
||||||
cwe-id: CWE-80
|
cwe-id: CWE-80
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: "true"
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2019-6799
|
||||||
info:
|
info:
|
||||||
name: CVE-2019-6799
|
name: CVE-2019-6799
|
||||||
author: pwnhxl
|
author: pwnhxl
|
||||||
severity: high
|
severity: medium
|
||||||
description: |
|
description: |
|
||||||
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
|
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
|
||||||
reference:
|
reference:
|
||||||
|
@ -13,11 +13,15 @@ info:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-6799
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-6799
|
||||||
- https://github.com/rmb122/rogue_mysql_server
|
- https://github.com/rmb122/rogue_mysql_server
|
||||||
- https://github.com/vulnspy/phpmyadmin-4.8.4-allowarbitraryserver
|
- https://github.com/vulnspy/phpmyadmin-4.8.4-allowarbitraryserver
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 5.9
|
||||||
|
cve-id: CVE-2019-6799
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
|
||||||
shodan-query: title:"phpmyadmin"
|
|
||||||
hunter-query: app.name="phpMyAdmin"&&web.body="pma_servername"&&web.body="4.8.4"
|
|
||||||
fofa-query: body="pma_servername" && body="4.8.4"
|
fofa-query: body="pma_servername" && body="4.8.4"
|
||||||
|
hunter-query: app.name="phpMyAdmin"&&web.body="pma_servername"&&web.body="4.8.4"
|
||||||
|
shodan-query: title:"phpmyadmin"
|
||||||
|
verified: "true"
|
||||||
tags: cve,cve2019,phpmyadmin,mysql,fileread
|
tags: cve,cve2019,phpmyadmin,mysql,fileread
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2023-23492
|
||||||
info:
|
info:
|
||||||
name: Login with Phone Number - Cross-Site Scripting
|
name: Login with Phone Number - Cross-Site Scripting
|
||||||
author: r3Y3r53
|
author: r3Y3r53
|
||||||
severity: medium
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.
|
Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.
|
||||||
|
|
||||||
|
@ -13,10 +13,10 @@ info:
|
||||||
- https://www.tenable.com/security/research/tra-2023-3
|
- https://www.tenable.com/security/research/tra-2023-3
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-23492
|
- https://nvd.nist.gov/vuln/detail/CVE-2023-23492
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 5.4
|
cvss-score: 8.8
|
||||||
cwe-id: CWE-80
|
|
||||||
cve-id: CVE-2023-23492
|
cve-id: CVE-2023-23492
|
||||||
|
cwe-id: CWE-89
|
||||||
metadata:
|
metadata:
|
||||||
verified: "true"
|
verified: "true"
|
||||||
tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023
|
tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023
|
||||||
|
|
|
@ -11,7 +11,7 @@ info:
|
||||||
- https://redshark1802.com/blog/2015/11/13/xpwn-exploiting-xdebug-enabled-servers/
|
- https://redshark1802.com/blog/2015/11/13/xpwn-exploiting-xdebug-enabled-servers/
|
||||||
- https://paper.seebug.org/397/
|
- https://paper.seebug.org/397/
|
||||||
- https://github.com/D3Ext/XDEBUG-Exploit
|
- https://github.com/D3Ext/XDEBUG-Exploit
|
||||||
tags: php,debug,xdebug,oast,rce
|
tags: oast,rce,vulhub,php,debug,xdebug
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- raw:
|
- raw:
|
||||||
|
|
Loading…
Reference in New Issue