Dashboard Content Enhancements (#5009)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-08-05 09:57:51 -04:00 committed by GitHub
parent 64cd216ab5
commit b2e886f09b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
65 changed files with 473 additions and 115 deletions

View File

@ -1,4 +1,4 @@
id: eyou-email-rce
id: CVE-2014-1203
info:
name: Eyou E-Mail <3.6 - Remote Code Execution
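
Review bot: the id line at the top of this hunk is renamed from eyou-email-rce to CVE-2014-1203, which silently breaks any scan profile, exclusion list or workflow that refers to the template by its old id. Call the rename out in the commit message (the title only mentions content enhancements), and check that the file name and a cve-id classification field follow the new id, since neither is visible in these four lines.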

View File

@ -1,15 +1,14 @@
id: CVE-2016-10367
info:
name: Opsview Monitor Pro - Unauthenticated Directory Traversal
name: Opsview Monitor Pro - Local File Inclusion
author: 0x_akoko
severity: high
description: The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass
description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.
reference:
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774
- https://www.cvedetails.com/cve/CVE-2016-10367
- https://nvd.nist.gov/vuln/detail/CVE-2016-10367
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
- https://nvd.nist.gov/vuln/detail/CVE-2016-10367
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
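
Review bot: the new name near the top of this hunk replaces "Unauthenticated Directory Traversal" with "Local File Inclusion", dropping the unauthenticated qualifier from the title even though the rewritten description still says unauthenticated and the vector is PR:N. Keep that word in the name, and prefer a term that matches what the description says the request does (reading a file through a traversal bypass) so name-based triage does not treat it as a different bug class.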
@ -35,3 +34,5 @@ requests:
- type: status
status:
- 404
# Enhanced by mp on 2022/08/03

View File

@ -1,15 +1,15 @@
id: CVE-2019-10717
info:
name: BlogEngine.NET 3.3.7.0 - Directory Traversal
name: BlogEngine.NET 3.3.7.0 - Local File Inclusion
author: arafatansari
severity: high
description: |
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter
BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
reference:
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
- https://nvd.nist.gov/vuln/detail/CVE-2019-10717
- https://github.com/rxtur/BlogEngine.NET/commits/master
- https://nvd.nist.gov/vuln/detail/CVE-2019-10717
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
cvss-score: 7.1
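
Review bot: the name and description switch from "Directory Traversal" to "Local File Inclusion", but the unchanged vector at the end of the hunk is PR:L with C:L/I:H, and the first reference is titled as a directory traversal listing. That combination does not describe an unauthenticated file read, so either keep the traversal wording or revisit the vector so the text and the classification say the same thing.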
@ -39,3 +39,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,10 +1,10 @@
id: CVE-2020-10770
info:
name: Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
name: Keycloak 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
author: dhiyaneshDk
severity: medium
description: A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
description: Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
reference:
- https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
- https://www.exploit-db.com/exploits/50405
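
Review bot: the rewritten description narrows the affected range from "before 13.0.0" to "12.0.1 and below", and those are the same statement only if no release exists between 12.0.1 and 13.0.0. Keep the original upper bound unless the advisory names 12.0.1 as the last affected version. The new name also drops "(Unauthenticated)", which is useful triage information if it still holds.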
@ -27,3 +27,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
# Enhanced by cs 08/03/2022
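
Review bot: the trailing comment here reads "# Enhanced by cs 08/03/2022" while most templates in this commit use "# Enhanced by mp on 2022/08/03", and 08/03/2022 is ambiguous between 3 August and 8 March. Use one ISO-style format across the commit, or drop the marker and rely on git history, which already records who changed the file and when.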

View File

@ -4,14 +4,14 @@ info:
name: Reprise License Manager 14.2 - Authentication Bypass
author: Akincibor
severity: critical
description: Reprise License Manager (RLM( 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
classification:
cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-44152
cwe-id: CWE-288
cwe-id: CWE-287
tags: unauth,rlm
requests:
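
Review bot: the classification lines change more than the "(RLM(" typo fixed in the description: the vector prefix goes from the invalid CVSS:10.0 to CVSS:3.1, scope moves from S:C to S:U, the score drops from 10.0 to 9.8, and cwe-id goes from CWE-288 to CWE-287. The prefix fix is clearly right; for the scope and CWE changes, confirm they match the NVD entry already listed under reference and mention the re-scoring in the commit message, which currently describes content changes only.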

View File

@ -1,11 +1,16 @@
id: dlink-file-read
info:
name: D-Link - Arbitrary File Retrieval
name: D-Link - Local File Inclusion
author: dhiyaneshDK
severity: high
description: D-Link is vulnerable to local file inclusion.
reference:
- https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: dlink,lfi
requests:
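
Review bot: the added classification block assigns cwe-id CWE-522 (Insufficiently Protected Credentials) and a vector of S:C/C:L/I:L/A:L scoring 8.3 to a template whose new name and description both say local file inclusion. The other file-read templates in this commit use CWE-22 with C:H/I:N/A:N at 7.5; align this one, or extend the description to explain why a credential-protection weakness and a scope change apply here.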
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,13 +1,17 @@
id: jolokia-unauthenticated-lfi
info:
name: Jolokia - Unauthenticated Local File Read
name: Jolokia - Local File Inclusion
author: dhiyaneshDk
severity: high
description: This exploit allow you to File read with compilerDirectivesAdd
description: Jolokia is vulnerable to local file inclusion via compilerDirectivesAdd.
reference:
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
- https://github.com/laluka/jolokia-exploitation-toolkit
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: jolokia,springboot,tomcat,lfi
requests:
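
Review bot: cwe-id CWE-522 and the S:C/C:L/I:L/A:L vector in the added classification block do not fit a file read via compilerDirectivesAdd; CWE-522 is a credential-protection weakness, and a read-only issue would not normally carry I:L/A:L. The renamed title also drops "Unauthenticated" while the id (jolokia-unauthenticated-lfi) and the PR:N metric still assert it, so keep the qualifier in the name.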
@ -28,4 +32,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by mp on 2022/08/03
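
Review bot: "- 200" appears on two consecutive lines under status in this hunk. If both are present in the resulting file the matcher lists the same code twice; if the pair is only a newline-at-end-of-file fix the hunk is fine. Check the file itself rather than this rendering before merge.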

View File

@ -1,9 +1,14 @@
id: elfinder-detect
info:
name: elFinder Detect
name: elFinder - Install Detection
author: pikpikcu
description: An elFinder implementation was discovered.
severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: tech,elfinder
requests:
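
Review bot: the added classification block gives an informational detection template a cwe-id of CWE-200 and an all-None vector scoring 0.0, which presents the mere presence of elFinder as an information-exposure weakness. For a severity: info install check, drop the cwe-id (and arguably the whole block) so reports filtered by CWE do not list every install as a finding. The new description line is also placed above severity, whereas most templates in this commit put it below.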
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -10,7 +10,6 @@ info:
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-22210
cwe-id: CWE-89
tags: 74cms,sqli
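
Review bot: the hunk shrinks from 7 lines to 6 and the line that goes appears to be cve-id: CVE-2020-22210, with nothing in the commit message explaining why. If the identifier was wrong for this template, say so; if the template does cover that CVE, removing it means CVE-based filtering and reporting will no longer pick up this check.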

View File

@ -1,11 +1,16 @@
id: hjtcloud-rest-arbitrary-file-read
info:
name: HJTcloud Arbitrary file read
name: HJTcloud - Local File Inclusion
author: pikpikcu
severity: low
description: HJTcloud is vulnerable to local file inclusion.
reference:
- https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: hjtcloud,lfi
requests:
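
Review bot: severity: low is left unchanged while the added classification block scores the issue 7.5 with C:H, which falls in the high band of CVSS 3.0. Raise severity to high, or lower the vector if low is really intended, so that severity-filtered scans and the classification agree.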
@ -33,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,12 +1,16 @@
id: hrsale-unauthenticated-lfi
info:
name: Hrsale 2.0.0 - Hrsale Unauthenticated Lfi
name: Hrsale 2.0.0 - Local File Inclusion
author: 0x_Akoko
severity: high
description: This exploit allow you to download any readable file from server without permission and login session
description: Hrsale 2.0.0 is vulnerable to local file inclusion. This exploit allow you to download any readable file from server without permission and login session
reference:
- https://www.exploit-db.com/exploits/48920
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: hrsale,lfi
requests:
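
Review bot: the rewritten description prepends a sentence but keeps "This exploit allow you to download any readable file from server", which is ungrammatical and describes the template as an exploit rather than describing the product's weakness. Suggested wording: "Hrsale 2.0.0 is vulnerable to local file inclusion, which allows unauthenticated users to download any readable file from the server."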
@ -24,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: huawei-hg659-lfi
info:
name: HUAWEI HG659 LFI
name: HUAWEI HG659 - Local File Inclusion
author: pikpikcu
severity: high
description: HUAWEI HG659 is vulnerable to local file inclusion.
reference:
- https://twitter.com/sec715/status/1406782172443287559
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,huawei
requests:
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,8 +1,9 @@
id: huijietong-cloud-fileread
info:
name: Huijietong Cloud File Read
name: Huijietong - Local File Inclusion
author: princechaddha,ritikchaddha
description: Huijietong is vulnerable to local file inclusion.
severity: high
metadata:
fofa-query: body="/him/api/rest/v1.0/node/role"
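
Review bot: only a description line is added here (the hunk grows from 8 lines to 9), so this template ends up with no classification block while the other file-read templates in the commit gain a CVSS vector and CWE-22. Add the same block for consistency, and move description below severity to match the field order used in most of the other templates.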
@ -31,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: interlib-fileread
info:
name: Interlib Fileread
name: Interlib - Local File Inclusion
author: pikpikcu
description: Interlib is vulnerable to local file inclusion.
severity: high
reference:
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: interlib,lfi
requests:
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: jeewms-lfi
info:
name: JEEWMS LFI
name: JEEWMS - Local File Inclusion
author: pikpikcu
severity: high
description: JEEWMS is vulnerable to local file inclusion.
reference:
- https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: jeewms,lfi
requests:
@ -33,3 +38,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,14 +1,17 @@
id: jinfornet-jreport-lfi
info:
name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
name: Jinfornet Jreport 15.6 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission.
This vulnerability affects Windows and Unix operating systems.
description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.
reference:
- https://cxsecurity.com/issue/WLB-2020030151
- https://www.jinfonet.com/product/download-jreport/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: jreport,jinfornet,lfi
requests:
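
Review bot: the new single-line description introduces two typos, "incluion" and "Exploitaiton". Fix them to "inclusion" and "Exploitation" before merge; "Application services user permission" could also be lower-cased while the line is being touched.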
@ -26,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: joomla-com-fabrik-lfi
info:
name: Joomla! com_fabrik 3.9.11 - Directory Traversal
name: Joomla! com_fabrik 3.9.11 - Local File Inclusion
author: dhiyaneshDk
severity: high
description: Joomla! com_fabrik 3.9.11 is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/48263
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: joomla,lfi
requests:
@ -26,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,13 +1,17 @@
id: karel-ip-phone-lfi
info:
name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal
name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
author: 0x_Akoko
severity: high
description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
reference:
- https://cxsecurity.com/issue/WLB-2020100038
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: karel,lfi
requests:
@ -26,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,12 +1,16 @@
id: kingdee-eas-directory-traversal
info:
name: Kingdee EAS - Directory Traversal
name: Kingdee EAS - Local File Inclusion
author: ritikchaddha
severity: medium
description: Kingdee OA server_file has a directory traversal vulnerability, attackers can obtain sensitive server information through directory traversal.
description: Kingdee EAS OA server_file is vulnerable to local file inclusion and can allow attackers to obtain sensitive server information.
reference:
- https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: kingdee,lfi,traversal
requests:
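
Review bot: severity: medium no longer agrees with the classification added below it, which scores the issue 7.5 (high) with C:H and PR:N. Pick one rating. The id still says directory-traversal and the tags keep traversal while the name and description now say local file inclusion, so the template describes itself two ways.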
@ -33,3 +37,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: kingsoft-v8-file-read
info:
name: Kingsoft V8 File Read
name: Kingsoft 8 - Local File Inclusion
author: ritikchaddha
severity: high
description: Kingsoft 8 is vulnerable to local file inclusion.
reference:
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: kingsoft,lfi
requests:
@ -30,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,13 +1,17 @@
id: kyocera-m2035dn-lfi
info:
name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval
name: Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion
author: 0x_Akoko
severity: high
description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval.
description: Kyocera Command Center RX ECOSYS M2035dn is vulnerable to unauthenticated local file inclusion.
reference:
- https://www.exploit-db.com/exploits/50738
- https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: printer,iot,kyocera,lfi
requests:
@ -24,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/03

View File

@ -1,15 +1,20 @@
id: nsasg-arbitrary-file-read
info:
name: NS ASG Arbitrary File Read
name: NS ASG - Local File Inclusion
author: pikpikcu,ritikchaddha
severity: high
description: NS ASG is vulnerable to local file inclusion.
reference:
- https://zhuanlan.zhihu.com/p/368054963
- http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md
metadata:
fofa-query: app="网康科技-NS-ASG安全网关"
shodan-query: http.title:“NS-ASG”
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: nsasg,lfi
requests:
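
Review bot: the shodan-query value in the metadata context lines uses typographic quotes around NS-ASG instead of ASCII double quotes, so it is unlikely to be read as a quoted phrase when the query is used. Since the commit is already touching this header, replace them with plain quotes. The new classification block is also inserted after metadata here but before metadata in other templates in this commit, so settle on one order.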
@ -31,3 +36,5 @@ requests:
- "$certfile"
- "application/pdf"
condition: and
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: nuuo-file-inclusion
info:
name: NUUO NVRmini 2 v3.0.8 - Atrbitary File Retrieval
name: NUUO NVRmini 2 3.0.8 - Local File Inclusion
author: princechaddha
severity: high
description: NUUO NVRmini 2 3.0.8 is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/40211
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: nuuo,lfi
requests:
@ -28,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: oliver-library-lfi
info:
name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval
name: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
author: gy741
severity: high
description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input.
description: Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function.
reference:
- https://www.exploit-db.com/exploits/50599
- https://www.softlinkint.com/product/oliver/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: windows,lfi,oliver
requests:
@ -23,3 +27,5 @@ requests:
- "fonts"
- "extensions"
condition: and
# Enhanced by mp on 2022/08/04

View File

@ -1,15 +1,20 @@
id: opencti-lfi
info:
name: OpenCTI 3.3.1 - Directory Traversal
name: OpenCTI 3.3.1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: OpenCTI 3.3.1 is vulnerable to local file inclusion.
reference:
- https://cxsecurity.com/issue/WLB-2020060078
- https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1
metadata:
verified: true
shodan-query: http.html:"OpenCTI"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: opencti,lfi,oss
requests:
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,16 @@
id: opensis-lfi
info:
name: openSIS 5.1 - 'ajax.php' Local File Inclusion
name: openSIS 5.1 - Local File Inclusion
author: pikpikcu
severity: high
description: An attacker can exploit a vulnerability in openSIS to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker
to compromise the application and computer; other attacks are also possible.
description: openSIS 5.1 is vulnerable to local file inclusion and allows attackers to obtain potentially sensitive information by executing arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible.
reference:
- https://www.exploit-db.com/exploits/38039
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: opensis,lfi
requests:
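
Review bot: the merged description changes the meaning of the original: "obtain potentially sensitive information and execute arbitrary local scripts" becomes "obtain potentially sensitive information by executing arbitrary local scripts", turning a second impact into a method. The added vector (C:H/I:N/A:N) also rates the issue as read-only, which contradicts text saying local scripts run in the web server context and the host may be compromised. Restore "and", and make the vector and the description agree.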
@ -26,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,17 @@
id: orbiteam-bscw-server-lfi
info:
name: OrbiTeam BSCW Server - Unauthenticated LFI
name: OrbiTeam BSCW Server - Local File Inclusion
author: 0x_Akoko
severity: high
description: |
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below are vulnerable to unauthenticated local file inclusion.
reference:
- https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: bscw,orbiteam,lfi,unauth
requests:
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: pacsone-server-lfi
info:
name: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal
name: PACSOne Server 6.6.2 - Local File Inclusion
author: 0x_Akoko
severity: high
description: PACSOne Server 6.6.2 is vulnerable to local file inclusion via its integrated DICOM Web Viewer.
reference:
- https://cxsecurity.com/issue/WLB-2018010303
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: pacsone,lfi
requests:
@ -22,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,10 +1,10 @@
id: phpwiki-lfi
info:
name: phpwiki 1.5.4 - XSS / Local File Inclusion
name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
author: 0x_Akoko
severity: high
description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
reference:
- https://www.exploit-db.com/exploits/38027
tags: phpwiki,lfi,xss
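
Review bot: the new description now asserts that phpwiki 1.5.4 is vulnerable to cross-site scripting, but the rest of the sentence and the id (phpwiki-lfi) cover only file inclusion via index.php. Unless the requests in this template actually test for XSS, keep the name and description to what the template detects. This template also receives no classification block, unlike most LFI templates in the commit.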
@ -24,3 +24,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,16 @@
id: pmb-directory-traversal
info:
name: PMB 5.6 - Arbitrary File Retrieval
name: PMB 5.6 - Local File Inclusion
author: geeknik
severity: medium
description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval.
description: PMB 5.6 is vulnerable to local file inclusion because the PMB Gif Image is not sanitizing the content of the 'chemin' parameter.
reference:
- https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi
requests:
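
Review bot: severity: medium conflicts with the added cvss-score of 7.5, which is high under CVSS 3.0. In the rewritten description, "is not sanitizing the content of the 'chemin' parameter" would read better as "does not sanitize the 'chemin' parameter", and the tags line still lacks pmb, which the sibling pmb-local-file-disclosure template carries.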
@ -25,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: pmb-local-file-disclosure
info:
name: PMB 5.6 - getgif.php Arbitrary File Retrieval
name: PMB 5.6 - Local File Inclusion
author: dhiyaneshDk
description: PMB 5.6 is vulnerable to local file inclusion.
severity: high
reference:
- https://www.exploit-db.com/exploits/49054
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,pmb
requests:
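
Review bot: renaming this template from "PMB 5.6 - getgif.php Arbitrary File Retrieval" to "PMB 5.6 - Local File Inclusion" gives it exactly the same name as pmb-directory-traversal, so the two findings cannot be told apart by name in results. Keep the distinguishing detail, for example "PMB 5.6 - getgif.php Local File Inclusion".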
@ -21,3 +26,5 @@ requests:
- type: word
words:
- "root:x:0"
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: processmaker-lfi
info:
name: ProcessMaker <= 3.5.4 Directory Traversal
name: ProcessMaker <=3.5.4 - Local File Inclusion
author: KrE80r
severity: high
description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content.
description: ProcessMaker 3.5.4 and prior is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/50229
- https://www.processmaker.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: processmaker,lfi
requests:
@ -26,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: sl-studio-lfi
info:
name: Webbdesign SL-Studio Directory Traversal
name: Webbdesign SL-Studio - Local File Inclusion
author: 0x_Akoko
severity: high
description: Webbdesign SL-Studio is vulnerable to local file inclusion.
reference:
- https://cxsecurity.com/issue/WLB-2018110187
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.'
tags: slstudio,lfi
@ -24,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: sofneta-mecdream-pacs-lfi
info:
name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
name: Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion
author: 0x_akoko
severity: high
description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
description: Softneta MedDream PACS Server Premium 6.7.1.1 is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/45347
- https://www.softneta.com/products/meddream-pacs-server/downloads.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
tags: sofneta,lfi
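
Review bot: the id (sofneta-mecdream-pacs-lfi) and the tags line (sofneta) misspell the vendor and product that the name and description spell as Softneta MedDream. Changing the id has a compatibility cost, but the tag can be corrected now, or softneta added alongside it, so tag-based selection finds the template.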
@ -25,3 +29,5 @@ requests:
- "fonts"
- "extensions"
condition: and
# Enhanced by mp on 2022/08/04

View File

@ -5,9 +5,13 @@ info:
author: arafatansari
severity: high
description: |
Surreal ToDo is affected by Local File Inclusion on index.php via content parameter.
Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter.
reference:
- https://www.exploit-db.com/exploits/45826
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata:
verified: true
tags: surreal,lfi
@ -26,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,10 +1,14 @@
id: symantec-messaging-gateway
info:
name: Symantec Messaging Gateway LFI
name: Symantec Messaging Gateway <=10.6.1 - Local File Inclusion
author: Random_Robbie
severity: medium
description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal
description: Symantec Messaging Gateway 10.6.1 and prior are vulnerable to local file inclusion.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,messaging,symantec
requests:
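
Review bot: severity: medium is kept while the new classification scores 7.5 with C:H, and the rewrite removes "Directory Traversal" from the description even though the added cwe-id is CWE-22, the path traversal class. Align severity with the score, and keep the traversal wording so the text matches the CWE. This template also has no reference entry to support the version bound in the new name.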
@ -21,3 +25,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: tpshop-directory-traversal
info:
name: TPshop Directory Traversal
name: TPshop - Local File Inclusion
author: pikpikcu
description: TPshop is vulnerable to local file inclusion.
severity: high
reference:
- https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: tpshop,lfi
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,16 +1,16 @@
id: umbraco-base-ssrf
info:
name: Umbraco v8.14.1 - 'baseUrl' SSRF
name: Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
author: dhiyaneshDk
severity: medium
description: Umbraco 8.1.4.1 allows attackers to use the baseUrl parameter to several programs to perform a server-side request forgery (SSRF) attack.
reference:
- https://www.exploit-db.com/exploits/50462
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2020-10770
cwe-id: CWE-601
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 6.8
cwe-id: CWE-918
metadata:
verified: true
shodan-query: http.html:"Umbraco"
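
Review bot: the description line still says "Umbraco 8.1.4.1" while the name, old and new, says 8.14.1; fix the version in the description while the name is being edited. Removing cve-id: CVE-2020-10770 looks right, since the Keycloak request_uri template in this same commit carries that id, and CWE-918 fits SSRF better than CWE-601. The vector also moves from CVSS:3.1 to CVSS:3.0 with AC:H and S:C, so note where the new score comes from.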
@ -37,3 +37,5 @@ requests:
- "len(body_1)==0"
- "len(body_2)==0"
- "len(body_3)==0"
# Enhanced by cs 08/03/2022

View File

@ -1,10 +1,10 @@
id: viewlinc-crlf-injection
info:
name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection.
name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
author: geeknik
severity: low
description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned.
description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned.
reference:
- https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system
tags: crlf,viewlinc
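
Review bot: the new name "Carriage Return Line Feed Attack" is harder to search for than the established term and no longer matches the id (viewlinc-crlf-injection) or the crlf tag. "viewLinc 5.1.2.367 - CRLF Injection" would be consistent with both. In the description, CRLF is a two-character sequence, so "a carriage return line feed (CRLF) sequence" is more accurate than "character".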
@ -29,3 +29,5 @@ requests:
- "Set-Cookie: crlfinjection=crlfinjection"
part: header
condition: and
# Enhanced by mp on 2022/08/04

View File

@ -1,15 +1,18 @@
id: xerox-efi-lfi
info:
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion
author: gy741
severity: high
description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary
files on the affected system.
description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
- https://packetstormsecurity.com/files/145570
- https://www.exploit-db.com/exploits/43398/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: iot,xerox,disclosure,lfi
requests:
@ -26,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: yishaadmin-lfi
info:
name: yishaadmin path traversal
name: yishaadmin - Local File Inclusion
author: Evan Rubinstein
severity: high
description: An endpoint in yshaadmin "/admin/File/DownloadFile" was improperly secured, allowing for files to be downloaded, read or deleted without any authentication.
description: yishaadmin is vulnerable to local file inclusion via the "/admin/File/DownloadFile" endpoint and allows files to be downloaded, read or deleted without any authentication.
reference:
- https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/
- https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,yishaadmin
requests:
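
Review bot: the description says files can be "downloaded, read or deleted" without authentication, but the added vector is I:N/A:N, which claims no integrity or availability impact. If deletion is reachable through this endpoint the vector should reflect it; if the template only demonstrates a read, trim "or deleted" from the description.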
@ -25,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,16 @@
id: ruijie-networks-lfi
info:
name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI
name: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion
author: pikpikcu
severity: high
description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
description: Ruijie Networks Switch eWeb S29_RGOS 11.4 is vulnerable to local file inclusion and allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
reference:
- https://exploit-db.com/exploits/48755
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ruijie,lfi
requests:
@ -30,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,16 @@
id: wooyun-2015-148227
info:
name: Seeyon WooYun LFR
name: Seeyon WooYun - Local File Inclusion
author: princechaddha
severity: high
description: A vulnerability in Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker.
description: Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker via local file inclusion.
reference:
- https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: seeyon,wooyun,lfi,zhiyuan
requests:
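
Review bot: the rewritten description keeps the tautology "include the content of locally stored content"; make it "include the content of locally stored files". The id and the reference both point to WooYun as the source of the report (wooyun-2015-148227), so "Seeyon WooYun" in the name reads as a product name; consider "Seeyon - Local File Inclusion" with the WooYun identifier left to the id and reference.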
@ -26,3 +30,5 @@ requests:
part: header
words:
- "application/xml"
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: squirrelmail-lfi
info:
name: SquirrelMail 1.2.11 Local File Inclusion
name: SquirrelMail 1.2.11 - Local File Inclusion
author: dhiyaneshDk
severity: high
description: SquirrelMail 1.2.11 is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/22793
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,squirrelmail
requests:
@ -25,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

View File

@ -1,14 +1,19 @@
id: thinkcmf-lfi
info:
name: ThinkCMF LFI
name: ThinkCMF - Local File Inclusion
author: pikpikcu
severity: high
description: ThinkCMF is vulnerable to local file inclusion.
reference:
- https://www.freebuf.com/vuls/217586.html
metadata:
win-payload: ../../../../../../../../../../../../../../../../windows/win.ini
unix-payload: ../../../../../../../../../../../../../../../../etc/passwd
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: thinkcmf,lfi
requests:
@ -29,3 +34,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

View File

@ -1,9 +1,14 @@
id: vmware-vcenter-lfi-linux
info:
name: Vmware Vcenter LFI for Linux appliances
name: Linux Vmware Vcenter - Local File Inclusion
author: PR3R00T
severity: high
description: Linux appliance based Vmware Vcenter is vulnerable to local file inclusion.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: vmware,lfi,vcenter
requests:
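Review bot: the new name and description spell the product "Vmware Vcenter", while the sibling vmware-vcenter-lfi template in this same commit uses "VMware vCenter"; use one casing in both. This hunk also adds a classification block but no reference entry between description and classification, so the 7.5 score has no cited source here; add the advisory this check is based on if one exists.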
@ -14,3 +19,5 @@ requests:
- type: word
words:
- "vCenter Server"
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,17 @@
id: vmware-vcenter-lfi
info:
name: VMware vCenter Unauthenticated Arbitrary File Read
name: VMware vCenter - Local File Inclusion
author: dwisiswant0
severity: high
description: VMware vCenter is vulnerable to local file inclusion.
reference:
- https://kb.vmware.com/s/article/7960893
- https://twitter.com/ptswarm/status/1316016337550938122
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: vmware,lfi,vcenter
requests:
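Review bot: the rename from "VMware vCenter Unauthenticated Arbitrary File Read" drops the word "Unauthenticated", and the new description ("VMware vCenter is vulnerable to local file inclusion.") does not restore it. The added cvss-metrics use PR:N, so the description should say the read is unauthenticated; otherwise that detail is only recoverable from the vector string.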
@ -30,3 +35,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,11 +1,16 @@
id: ecology-filedownload-directory-traversal
info:
name: Ecology Directory Traversal
name: Ecology - Local File Inclusion
author: princechaddha
severity: medium
description: Ecology is vulnerable to local file inclusion.
metadata:
fofa-query: app="泛微-协同办公OA"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ecology,lfi
requests:
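Review bot: severity stays "medium" while the classification added in this hunk sets cvss-score: 7.5, which falls in the High band of CVSS v3. Either raise severity to high, as the other LFI templates in this commit have it, or use a vector that justifies medium; a dashboard filtering on one field will disagree with one filtering on the other.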
@ -21,3 +26,5 @@ requests:
words:
- "<url-pattern>/weaver/"
part: body
# Enhanced by mp on 2022/08/01

View File

@ -1,9 +1,14 @@
id: ecology-springframework-directory-traversal
info:
name: Ecology Springframework Directory Traversal
name: Ecology Springframework - Local File Inclusion
author: princechaddha
severity: medium
description: Ecology Springframework is vulnerable to local file inclusion.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ecology,springframework,lfi
requests:
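Review bot: the same severity and score mismatch as in ecology-filedownload-directory-traversal appears here: "severity: medium" sits next to a newly added "cvss-score: 7.5". Pick one rating and make both fields agree. The new description also names no endpoint or parameter, so it adds nothing over the template name.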
@ -19,3 +24,5 @@ requests:
words:
- "<url-pattern>/weaver/"
part: body
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: ad-widget-lfi
info:
name: WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)
name: WordPress Ad Widget 2.11.0 - Local File Inclusion
author: 0x_Akoko
severity: high
description: Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
description: WordPress Ad Widget 2.11.0 is vulnerable to local file inclusion. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
reference:
- https://cxsecurity.com/issue/WLB-2017100084
- https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi
requests:
@ -25,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,18 @@
id: admin-word-count-column-lfi
info:
name: Admin word count column 2.2 - Arbitrary File Retrieval
name: WordPress Admin Word Count Column 2.2 - Local File Inclusion
author: daffainfo,Splint3r7
severity: high
description: WordPress Admin Word Count Column 2.2 is vulnerable to local file inclusion.
reference:
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
- https://wordpress.org/plugins/admin-word-count-column/
remediation: This plugin has been closed as of March 29, 2022 and is not available for download.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp
requests:
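Review bot: the added remediation line ("This plugin has been closed as of March 29, 2022 and is not available for download.") states the plugin's status, not an action. Since no fixed version is referenced, the remediation should tell the reader to deactivate and remove the plugin; the closure notice can stay as the reason.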
@ -23,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: advanced-access-manager-lfi
info:
name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion
name: WordPress Advanced Access Manager <5.9.9 - Local File Inclusion
author: 0x_Akoko
severity: high
description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
reference:
- https://wpscan.com/vulnerability/9873
- https://id.wordpress.org/plugins/advanced-access-manager/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi
requests:
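Review bot: the rewritten description has a subject and verb mismatch ("versions before 5.9.9 are vulnerable ... and allows attackers"); it should read "allow". The trailing clause "which is publicly reachable on many servers" now attaches ambiguously to "the database"; the original sentence had the same problem, so this is a good place to reword it, for example by ending the sentence at "wp-config.php file" and stating the database exposure separately.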
@ -27,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,17 @@
id: amministrazione-aperta-lfi
info:
name: Amministrazione Aperta 3.7.3 - Unauthenticated Local File Read
name: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
author: daffainfo,Splint3r7
severity: high
description: WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/50838
- https://wordpress.org/plugins/amministrazione-aperta
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,16 @@
id: aspose-file-download
info:
name: Wordpress Aspose Cloud eBook Generator - Arbitrary File Retrieval
name: Wordpress Aspose Cloud eBook Generator - Local File Inclusion
author: 0x_Akoko
severity: high
description: The Aspose Cloud eBook Generator WordPress plugin is affected by an arbitrary file retrieval vulnerability.
description: Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion.
reference:
- https://wpscan.com/vulnerability/7866
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,aspose,ebook
requests:
@ -26,3 +30,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,10 +1,10 @@
id: aspose-ie-file-download
info:
name: Wordpress Aspose Importer & Exporter v1.0 - Arbitrary File Retrieval
name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
author: 0x_Akoko
severity: high
description: The Aspose importer and Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.
description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion.
reference:
- https://packetstormsecurity.com/files/131162/
- https://wordpress.org/plugins/aspose-importer-exporter
@ -27,3 +27,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: aspose-pdf-file-download
info:
name: WordPress Aspose PDF Exporter - Arbitrary File Retrieval
name: WordPress Aspose PDF Exporter - Local File Inclusion
author: 0x_Akoko
severity: high
description: The Aspose.psf Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.
description: WordPress Aspose PDF Exporter is vulnerable to local file inclusion.
reference:
- https://packetstormsecurity.com/files/131161
- https://wordpress.org/plugins/aspose-pdf-exporter
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,aspose
requests:
@ -27,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: aspose-words-file-download
info:
name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval
name: WordPress Aspose Words Exporter <2.0 - Local File Inclusion
author: 0x_Akoko
severity: high
description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability.
description: WordPress Aspose Words Exporter prior to version 2.0 is vulnerable to local file inclusion.
reference:
- https://wpscan.com/vulnerability/7869
- https://wordpress.org/plugins/aspose-doc-exporter
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,aspose
requests:
@ -27,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: brandfolder-lfi
info:
name: Wordpress brandfolder plugin - RFI & LFI
name: Wordpress Brandfolder - Remote/Local File Inclusion
author: 0x_Akoko
severity: high
description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
description: WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
reference:
- https://www.exploit-db.com/exploits/39591
- https://cxsecurity.com/issue/WLB-2016030120
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,rfi
requests:
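Review bot: the new name covers remote file inclusion ("Wordpress Brandfolder - Remote/Local File Inclusion") but the added classification lists only cwe-id: CWE-22, which is path traversal. If the remote include is in scope for this template, CWE-98 is the closer match and should be listed; if not, drop "Remote" from the name. The name also uses "Wordpress" while the description on the next line uses "WordPress".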
@ -27,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,10 +1,10 @@
id: brandfolder-open-redirect
info:
name: WordPress Brandfolder Plugin Open Redirect
name: WordPress Brandfolder - Remote/Local File Inclusion
author: 0x_Akoko
severity: low
description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
description: WordPress Brandfolder is vulnerable to remote/local file inclusion and allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
reference:
- https://www.exploit-db.com/exploits/39591
tags: wordpress,wp-plugin,lfi,rfi
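Review bot: the name is changed to "WordPress Brandfolder - Remote/Local File Inclusion", but everything else in this template still describes an open redirect: the id is brandfolder-open-redirect, severity is low, the description ends with "which will redirect the victim to it", and the matcher in the next hunk looks for a Location header pointing at interact.sh. The new name and the "is vulnerable to remote/local file inclusion" clause misreport what this check detects and will put a redirect finding under the LFI heading in any dashboard. Keep the original open redirect name, or rewrite the matcher if the intent is to detect inclusion.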
@ -19,3 +19,5 @@ requests:
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,17 @@
id: cab-fare-calculator-lfi
info:
name: Cab fare calculator 1.0.3 - Unauthenticated Local File Inclusion
name: WordPress Cab fare calculator 1.0.3 - Local File Inclusion
author: Hassan Khan Yusufzai - Splint3r7
severity: high
description: WordPress Cab fare calculator 1.0.3 is vulnerable to local file inclusion.
reference:
- https://www.exploit-db.com/exploits/50843
- https://wordpress.org/plugins/cab-fare-calculator
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp
requests:
@ -23,3 +28,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: church-admin-lfi
info:
name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
name: WordPress Church Admin 0.33.2.1 - Local File Inclusion
author: 0x_Akoko
severity: high
description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.
description: WordPress Church Admin 0.33.2.1 is vulnerable to local file inclusion via the "key" parameter of plugins/church-admin/display/download.php.
reference:
- https://wpscan.com/vulnerability/8997
- https://id.wordpress.org/plugins/church-admin/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi
requests:
@ -25,3 +29,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

View File

@ -1,14 +1,17 @@
id: db-backup-lfi
info:
name: DB Backup <= 4.5 - Path Traversal File Access
name: WordPress DB Backup <=4.5 - Local File Inclusion
author: dhiyaneshDK
severity: high
description: WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive
information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected.
description: WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
reference:
- https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536
- https://www.exploit-db.com/exploits/35378
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp
requests:
@ -28,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

View File

@ -1,13 +1,18 @@
id: hb-audio-lfi
info:
name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Retrieval
name: Wordpress HB Audio Gallery Lite - Local File Inclusion
author: dhiyaneshDK
severity: high
description: Wordpress HB Audio Gallery Lite is vulnerable to local file inclusion.
reference:
- https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html
metadata:
google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp
requests:
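Review bot: the new name omits the affected version even though the reference URL on this template carries it ("WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download"); the other renamed templates in this commit put the version in the name where it is known. Both the name and the new description also use "Wordpress" rather than "WordPress".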
@ -27,3 +32,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

View File

@ -1,14 +1,18 @@
id: health-check-lfi
info:
name: Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal
name: WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion
author: DhiyaneshDK
severity: high
description: The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability.
remediation: Fixed in version 1.2.4
description: WordPress Health Check & Troubleshooting prior to 1.2.4 is vulnerable to local file inclusion. Exploitation does require authentication.
remediation: Upgrade to version 1.2.4 or later.
reference:
- https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a
- https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr
requests:
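Review bot: the new name gives the fixed version as "<1.24" while the description and remediation in the same hunk say 1.2.4; the name should read "<1.2.4". The added cvss-metrics also use PR:N although the description states "Exploitation does require authentication" and the tags include "authenticated"; the vector should use a non-None privileges value and the score should be recalculated from it.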
@ -43,3 +47,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05

View File

@ -1,13 +1,17 @@
id: mthemeunus-lfi
info:
name: mTheme-Unus Theme - Local File Inclusion (LFI)
name: WordPress mTheme-Unus Theme - Local File Inclusion
author: dhiyaneshDk
severity: high
description: The mTheme-Unus WordPress Theme was affected by a css.php Local File Inclusion security vulnerability.
description: WordPress mTheme-Unus Theme is vulnerable to local file inclusion via css.php.
reference:
- https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb
- https://packetstormsecurity.com/files/133778/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-theme,lfi,wordpress,mtheme
requests:
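Review bot: the tags line in this hunk lists "wordpress" twice ("wordpress,wp-theme,lfi,wordpress,mtheme"). It is an unchanged line, but since this pass is normalising metadata for dashboards, remove the duplicate here so tag counts are not skewed.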
@ -27,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/08/05