Auto Generated CVE annotations [Fri Mar 17 17:31:47 UTC 2023] 🤖

patch-1
GitHub Action 2023-03-17 17:31:47 +00:00
parent 663c30267a
commit a516fabc3b
5 changed files with 16 additions and 12 deletions

View File

@ -12,10 +12,10 @@ info:
- http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html
- https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755
classification:
cve-id: CVE-2015-2755
cwe-id: CWE-79
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2015-2755
cwe-id: CWE-79
metadata:
verified: "true"
tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve

View File

@ -13,9 +13,9 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2015-4063
remediation: Update to plugin version 0.9.9 or latest.
classification:
cve-id: CVE-2015-4063
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cve-id: CVE-2015-4063
cwe-id: CWE-80
metadata:
verified: "true"

View File

@ -3,7 +3,7 @@ id: CVE-2019-6799
info:
name: CVE-2019-6799
author: pwnhxl
severity: high
severity: medium
description: |
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
reference:
@ -13,11 +13,15 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2019-6799
- https://github.com/rmb122/rogue_mysql_server
- https://github.com/vulnspy/phpmyadmin-4.8.4-allowarbitraryserver
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 5.9
cve-id: CVE-2019-6799
metadata:
verified: "true"
shodan-query: title:"phpmyadmin"
hunter-query: app.name="phpMyAdmin"&&web.body="pma_servername"&&web.body="4.8.4"
fofa-query: body="pma_servername" && body="4.8.4"
hunter-query: app.name="phpMyAdmin"&&web.body="pma_servername"&&web.body="4.8.4"
shodan-query: title:"phpmyadmin"
verified: "true"
tags: cve,cve2019,phpmyadmin,mysql,fileread
requests:

View File

@ -3,7 +3,7 @@ id: CVE-2023-23492
info:
name: Login with Phone Number - Cross-Site Scripting
author: r3Y3r53
severity: medium
severity: high
description: |
Login with Phone Number, versions < 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.
@ -13,10 +13,10 @@ info:
- https://www.tenable.com/security/research/tra-2023-3
- https://nvd.nist.gov/vuln/detail/CVE-2023-23492
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.4
cwe-id: CWE-80
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2023-23492
cwe-id: CWE-89
metadata:
verified: "true"
tags: login-with-phonenumber,wordpress,wp,wp-plugin,xss,tenable,cve,cve2023

View File

@ -11,7 +11,7 @@ info:
- https://redshark1802.com/blog/2015/11/13/xpwn-exploiting-xdebug-enabled-servers/
- https://paper.seebug.org/397/
- https://github.com/D3Ext/XDEBUG-Exploit
tags: php,debug,xdebug,oast,rce
tags: oast,rce,vulhub,php,debug,xdebug
requests:
- raw: