diff --git a/vulnerabilities/eyou/eyou-email-rce.yaml b/cves/2014/CVE-2014-1203.yaml similarity index 98% rename from vulnerabilities/eyou/eyou-email-rce.yaml rename to cves/2014/CVE-2014-1203.yaml index b9c576bd74..1a8f2b733e 100644 --- a/vulnerabilities/eyou/eyou-email-rce.yaml +++ b/cves/2014/CVE-2014-1203.yaml @@ -1,4 +1,4 @@ -id: eyou-email-rce +id: CVE-2014-1203 info: name: Eyou E-Mail <3.6 - Remote Code Execution diff --git a/cves/2016/CVE-2016-10367.yaml b/cves/2016/CVE-2016-10367.yaml index fc7bc5acb5..8e41296b51 100644 --- a/cves/2016/CVE-2016-10367.yaml +++ b/cves/2016/CVE-2016-10367.yaml @@ -1,15 +1,14 @@ id: CVE-2016-10367 info: - name: Opsview Monitor Pro - Unauthenticated Directory Traversal + name: Opsview Monitor Pro - Local File Inclusion author: 0x_akoko severity: high - description: The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass + description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass. reference: - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774 - - https://www.cvedetails.com/cve/CVE-2016-10367 - - https://nvd.nist.gov/vuln/detail/CVE-2016-10367 - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341 + - https://nvd.nist.gov/vuln/detail/CVE-2016-10367 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 @@ -35,3 +34,5 @@ requests: - type: status status: - 404 + +# Enhanced by mp on 2022/08/03 diff --git a/cves/2019/CVE-2019-10717.yaml b/cves/2019/CVE-2019-10717.yaml index bf06eaac80..39980665a1 100644 --- a/cves/2019/CVE-2019-10717.yaml +++ b/cves/2019/CVE-2019-10717.yaml 
@@ -1,15 +1,15 @@ id: CVE-2019-10717 info: - name: BlogEngine.NET 3.3.7.0 - Directory Traversal + name: BlogEngine.NET 3.3.7.0 - Local File Inclusion author: arafatansari severity: high description: | - BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter + BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter reference: - https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect - - https://nvd.nist.gov/vuln/detail/CVE-2019-10717 - https://github.com/rxtur/BlogEngine.NET/commits/master + - https://nvd.nist.gov/vuln/detail/CVE-2019-10717 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N cvss-score: 7.1 @@ -39,3 +39,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/cves/2020/CVE-2020-10770.yaml b/cves/2020/CVE-2020-10770.yaml index 038e92f4d5..36b948f44a 100644 --- a/cves/2020/CVE-2020-10770.yaml +++ b/cves/2020/CVE-2020-10770.yaml @@ -1,10 +1,10 @@ id: CVE-2020-10770 info: - name: Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) + name: Keycloak 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF) author: dhiyaneshDk severity: medium - description: A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. + description: Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack. reference: - https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html - https://www.exploit-db.com/exploits/50405 
@@ -27,3 +27,5 @@ requests: part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" + +# Enhanced by cs 08/03/2022 diff --git a/vulnerabilities/other/unauth-rlm.yaml b/cves/2021/CVE-2021-44152.yaml similarity index 79% rename from vulnerabilities/other/unauth-rlm.yaml rename to cves/2021/CVE-2021-44152.yaml index 017b2dad85..c77d4a0b3d 100644 --- a/vulnerabilities/other/unauth-rlm.yaml +++ b/cves/2021/CVE-2021-44152.yaml @@ -4,14 +4,14 @@ info: name: Reprise License Manager 14.2 - Authentication Bypass author: Akincibor severity: critical - description: Reprise License Manager (RLM( 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. + description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. reference: - https://nvd.nist.gov/vuln/detail/CVE-2021-44152 classification: - cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2021-44152 - cwe-id: CWE-288 + cwe-id: CWE-287 tags: unauth,rlm requests: diff --git a/misconfiguration/d-link-arbitary-fileread.yaml b/misconfiguration/d-link-arbitary-fileread.yaml index 453ed0fb23..748e274986 100644 --- a/misconfiguration/d-link-arbitary-fileread.yaml +++ b/misconfiguration/d-link-arbitary-fileread.yaml @@ -1,11 +1,16 @@ id: dlink-file-read info: - name: D-Link - Arbitrary File Retrieval + name: D-Link - Local File Inclusion author: dhiyaneshDK severity: high + description: D-Link is vulnerable to local file inclusion. reference: - https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 tags: dlink,lfi requests: 
@@ -25,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml b/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml index ca0f994111..67f1b04ce9 100644 --- a/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml +++ b/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml @@ -1,13 +1,17 @@ id: jolokia-unauthenticated-lfi info: - name: Jolokia - Unauthenticated Local File Read + name: Jolokia - Local File Inclusion author: dhiyaneshDk severity: high - description: This exploit allow you to File read with compilerDirectivesAdd + description: Jolokia is vulnerable to local file inclusion via compilerDirectivesAdd. reference: - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/ - https://github.com/laluka/jolokia-exploitation-toolkit + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L + cvss-score: 8.3 + cwe-id: CWE-522 tags: jolokia,springboot,tomcat,lfi requests: @@ -28,4 +32,6 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/technologies/elfinder-detect.yaml b/technologies/elfinder-detect.yaml index 4b2dbbccc8..fba367aa81 100644 --- a/technologies/elfinder-detect.yaml +++ b/technologies/elfinder-detect.yaml @@ -1,9 +1,14 @@ id: elfinder-detect info: - name: elFinder Detect + name: elFinder - Install Detection author: pikpikcu + description: An elFinder implementation was discovered. severity: info + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 tags: tech,elfinder requests: @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/74cms-sqli.yaml b/vulnerabilities/other/74cms-sqli.yaml index b5e1b8670b..e11f83d391 100644 --- a/vulnerabilities/other/74cms-sqli.yaml 
+++ b/vulnerabilities/other/74cms-sqli.yaml @@ -10,7 +10,6 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 cwe-id: CWE-89 tags: 74cms,sqli diff --git a/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml b/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml index 3d5c205fec..28bfe9a282 100644 --- a/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml +++ b/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml @@ -1,11 +1,16 @@ id: hjtcloud-rest-arbitrary-file-read info: - name: HJTcloud Arbitrary file read + name: HJTcloud - Local File Inclusion author: pikpikcu severity: low + description: HJTcloud is vulnerable to local file inclusion. reference: - https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: hjtcloud,lfi requests: @@ -33,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/hrsale-unauthenticated-lfi.yaml b/vulnerabilities/other/hrsale-unauthenticated-lfi.yaml index eb3bfcfe28..d335ea1fcf 100644 --- a/vulnerabilities/other/hrsale-unauthenticated-lfi.yaml +++ b/vulnerabilities/other/hrsale-unauthenticated-lfi.yaml @@ -1,12 +1,16 @@ id: hrsale-unauthenticated-lfi info: - name: Hrsale 2.0.0 - Hrsale Unauthenticated Lfi + name: Hrsale 2.0.0 - Local File Inclusion author: 0x_Akoko severity: high - description: This exploit allow you to download any readable file from server without permission and login session + description: Hrsale 2.0.0 is vulnerable to local file inclusion. This exploit allow you to download any readable file from server without permission and login session reference: - https://www.exploit-db.com/exploits/48920 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: hrsale,lfi requests: 
@@ -24,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/huawei-hg659-lfi.yaml b/vulnerabilities/other/huawei-hg659-lfi.yaml index 9848bc2218..9fbb59d574 100644 --- a/vulnerabilities/other/huawei-hg659-lfi.yaml +++ b/vulnerabilities/other/huawei-hg659-lfi.yaml @@ -1,11 +1,16 @@ id: huawei-hg659-lfi info: - name: HUAWEI HG659 LFI + name: HUAWEI HG659 - Local File Inclusion author: pikpikcu severity: high + description: HUAWEI HG659 is vulnerable to local file inclusion. reference: - https://twitter.com/sec715/status/1406782172443287559 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,huawei requests: @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/huijietong-cloud-fileread.yaml b/vulnerabilities/other/huijietong-cloud-fileread.yaml index 1ab77f4a97..2fc3fd3fe7 100644 --- a/vulnerabilities/other/huijietong-cloud-fileread.yaml +++ b/vulnerabilities/other/huijietong-cloud-fileread.yaml @@ -1,8 +1,9 @@ id: huijietong-cloud-fileread info: - name: Huijietong Cloud File Read + name: Huijietong - Local File Inclusion author: princechaddha,ritikchaddha + description: Huijietong is vulnerable to local file inclusion. severity: high metadata: fofa-query: body="/him/api/rest/v1.0/node/role" @@ -31,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/interlib-fileread.yaml b/vulnerabilities/other/interlib-fileread.yaml index 9386ffb3b2..71bd3ea00b 100644 --- a/vulnerabilities/other/interlib-fileread.yaml +++ b/vulnerabilities/other/interlib-fileread.yaml 
@@ -1,11 +1,16 @@ id: interlib-fileread info: - name: Interlib Fileread + name: Interlib - Local File Inclusion author: pikpikcu + description: Interlib is vulnerable to local file inclusion. severity: high reference: - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: interlib,lfi requests: @@ -26,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/jeewms-lfi.yaml b/vulnerabilities/other/jeewms-lfi.yaml index eb3fc80104..b13f9827bb 100644 --- a/vulnerabilities/other/jeewms-lfi.yaml +++ b/vulnerabilities/other/jeewms-lfi.yaml @@ -1,11 +1,16 @@ id: jeewms-lfi info: - name: JEEWMS LFI + name: JEEWMS - Local File Inclusion author: pikpikcu severity: high + description: JEEWMS is vulnerable to local file inclusion. reference: - https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: jeewms,lfi requests: @@ -33,3 +38,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/jinfornet-jreport-lfi.yaml b/vulnerabilities/other/jinfornet-jreport-lfi.yaml index 33c359624a..866f59fa95 100644 --- a/vulnerabilities/other/jinfornet-jreport-lfi.yaml +++ b/vulnerabilities/other/jinfornet-jreport-lfi.yaml 
@@ -1,14 +1,17 @@ id: jinfornet-jreport-lfi info: - name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal + name: Jinfornet Jreport 15.6 - Local File Inclusion author: 0x_Akoko severity: high - description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission. - This vulnerability affects Windows and Unix operating systems. + description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems. reference: - https://cxsecurity.com/issue/WLB-2020030151 - https://www.jinfonet.com/product/download-jreport/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: jreport,jinfornet,lfi requests: @@ -26,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/joomla-com-fabrik-lfi.yaml b/vulnerabilities/other/joomla-com-fabrik-lfi.yaml index e0cdd36ce7..c6919b7225 100644 --- a/vulnerabilities/other/joomla-com-fabrik-lfi.yaml +++ b/vulnerabilities/other/joomla-com-fabrik-lfi.yaml @@ -1,11 +1,16 @@ id: joomla-com-fabrik-lfi info: - name: Joomla! com_fabrik 3.9.11 - Directory Traversal + name: Joomla! com_fabrik 3.9.11 - Local File Inclusion author: dhiyaneshDk severity: high + description: Joomla! com_fabrik 3.9.11 is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/48263 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: joomla,lfi requests: @@ -26,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 
diff --git a/vulnerabilities/other/karel-ip-phone-lfi.yaml b/vulnerabilities/other/karel-ip-phone-lfi.yaml index d2ca25b0c4..a9c13274db 100644 --- a/vulnerabilities/other/karel-ip-phone-lfi.yaml +++ b/vulnerabilities/other/karel-ip-phone-lfi.yaml @@ -1,13 +1,17 @@ id: karel-ip-phone-lfi info: - name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal + name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion author: 0x_Akoko severity: high - description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. + description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. reference: - https://cxsecurity.com/issue/WLB-2020100038 - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: karel,lfi requests: @@ -26,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/kingdee-eas-directory-traversal.yaml b/vulnerabilities/other/kingdee-eas-directory-traversal.yaml index b11c6a4bbf..8709cf27e9 100644 --- a/vulnerabilities/other/kingdee-eas-directory-traversal.yaml +++ b/vulnerabilities/other/kingdee-eas-directory-traversal.yaml 
@@ -1,12 +1,16 @@ id: kingdee-eas-directory-traversal info: - name: Kingdee EAS - Directory Traversal + name: Kingdee EAS - Local File Inclusion author: ritikchaddha severity: medium - description: Kingdee OA server_file has a directory traversal vulnerability, attackers can obtain sensitive server information through directory traversal. + description: Kingdee EAS OA server_file is vulnerable to local file inclusion and can allow attackers to obtain sensitive server information. reference: - https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: kingdee,lfi,traversal requests: @@ -33,3 +37,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/kingsoft-v8-file-read.yaml b/vulnerabilities/other/kingsoft-v8-file-read.yaml index a103be2311..c8727af6f9 100644 --- a/vulnerabilities/other/kingsoft-v8-file-read.yaml +++ b/vulnerabilities/other/kingsoft-v8-file-read.yaml @@ -1,11 +1,16 @@ id: kingsoft-v8-file-read info: - name: Kingsoft V8 File Read + name: Kingsoft 8 - Local File Inclusion author: ritikchaddha severity: high + description: Kingsoft 8 is vulnerable to local file inclusion. reference: - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: kingsoft,lfi requests: @@ -30,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 
diff --git a/vulnerabilities/other/kyocera-m2035dn-lfi.yaml b/vulnerabilities/other/kyocera-m2035dn-lfi.yaml index 35651ada5b..acc5552d88 100644 --- a/vulnerabilities/other/kyocera-m2035dn-lfi.yaml +++ b/vulnerabilities/other/kyocera-m2035dn-lfi.yaml @@ -1,13 +1,17 @@ id: kyocera-m2035dn-lfi info: - name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval + name: Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion author: 0x_Akoko severity: high - description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval. + description: Kyocera Command Center RX ECOSYS M2035dn is vulnerable to unauthenticated local file inclusion. reference: - https://www.exploit-db.com/exploits/50738 - https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: printer,iot,kyocera,lfi requests: @@ -24,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/ns-asg-file-read.yaml b/vulnerabilities/other/ns-asg-file-read.yaml index a18b450540..6e08643708 100644 --- a/vulnerabilities/other/ns-asg-file-read.yaml +++ b/vulnerabilities/other/ns-asg-file-read.yaml @@ -1,15 +1,20 @@ id: nsasg-arbitrary-file-read info: - name: NS ASG Arbitrary File Read + name: NS ASG - Local File Inclusion author: pikpikcu,ritikchaddha severity: high + description: NS ASG is vulnerable to local file inclusion. reference: - https://zhuanlan.zhihu.com/p/368054963 - http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md metadata: fofa-query: app="网康科技-NS-ASG安全网关" shodan-query: http.title:“NS-ASG” + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: nsasg,lfi requests: 
@@ -31,3 +36,5 @@ requests: - "$certfile" - "application/pdf" condition: and + +# Enhanced by mp on 2022/08/03 diff --git a/vulnerabilities/other/nuuo-file-inclusion.yaml b/vulnerabilities/other/nuuo-file-inclusion.yaml index f577991d4f..1812b6d773 100644 --- a/vulnerabilities/other/nuuo-file-inclusion.yaml +++ b/vulnerabilities/other/nuuo-file-inclusion.yaml @@ -1,11 +1,16 @@ id: nuuo-file-inclusion info: - name: NUUO NVRmini 2 v3.0.8 - Atrbitary File Retrieval + name: NUUO NVRmini 2 3.0.8 - Local File Inclusion author: princechaddha severity: high + description: NUUO NVRmini 2 3.0.8 is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/40211 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: nuuo,lfi requests: @@ -28,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/oliver-library-lfi.yaml b/vulnerabilities/other/oliver-library-lfi.yaml index 4d3eaf3db1..9cbd5f00a1 100644 --- a/vulnerabilities/other/oliver-library-lfi.yaml +++ b/vulnerabilities/other/oliver-library-lfi.yaml @@ -1,13 +1,17 @@ id: oliver-library-lfi info: - name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval + name: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion author: gy741 severity: high - description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input. + description: Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function. reference: - https://www.exploit-db.com/exploits/50599 - https://www.softlinkint.com/product/oliver/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: windows,lfi,oliver requests: 
@@ -23,3 +27,5 @@ requests: - "fonts" - "extensions" condition: and + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/opencti-lfi.yaml b/vulnerabilities/other/opencti-lfi.yaml index d6c90bdfda..966b929a25 100644 --- a/vulnerabilities/other/opencti-lfi.yaml +++ b/vulnerabilities/other/opencti-lfi.yaml @@ -1,15 +1,20 @@ id: opencti-lfi info: - name: OpenCTI 3.3.1 - Directory Traversal + name: OpenCTI 3.3.1 - Local File Inclusion author: 0x_Akoko severity: high + description: OpenCTI 3.3.1 is vulnerable to local file inclusion. reference: - https://cxsecurity.com/issue/WLB-2020060078 - https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1 metadata: verified: true shodan-query: http.html:"OpenCTI" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: opencti,lfi,oss requests: @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/opensis-lfi.yaml b/vulnerabilities/other/opensis-lfi.yaml index 8037b9afd6..e481d80bc8 100644 --- a/vulnerabilities/other/opensis-lfi.yaml +++ b/vulnerabilities/other/opensis-lfi.yaml 
@@ -1,13 +1,16 @@ id: opensis-lfi info: - name: openSIS 5.1 - 'ajax.php' Local File Inclusion + name: openSIS 5.1 - Local File Inclusion author: pikpikcu severity: high - description: An attacker can exploit a vulnerability in openSIS to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker - to compromise the application and computer; other attacks are also possible. + description: openSIS 5.1 is vulnerable to local file inclusion and allows attackers to obtain potentially sensitive information by executing arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible. reference: - https://www.exploit-db.com/exploits/38039 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: opensis,lfi requests: @@ -26,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/orbiteam-bscw-server-lfi.yaml b/vulnerabilities/other/orbiteam-bscw-server-lfi.yaml index c024dab894..f19e1846d5 100644 --- a/vulnerabilities/other/orbiteam-bscw-server-lfi.yaml +++ b/vulnerabilities/other/orbiteam-bscw-server-lfi.yaml 
@@ -1,12 +1,17 @@ id: orbiteam-bscw-server-lfi + info: - name: OrbiTeam BSCW Server - Unauthenticated LFI + name: OrbiTeam BSCW Server - Local File Inclusion author: 0x_Akoko severity: high description: | - OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal + OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below are vulnerable to unauthenticated local file inclusion. reference: - https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: bscw,orbiteam,lfi,unauth requests: @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/pacsone-server-lfi.yaml b/vulnerabilities/other/pacsone-server-lfi.yaml index 9ad5ecf688..9183daf5cd 100644 --- a/vulnerabilities/other/pacsone-server-lfi.yaml +++ b/vulnerabilities/other/pacsone-server-lfi.yaml @@ -1,11 +1,16 @@ id: pacsone-server-lfi info: - name: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal + name: PACSOne Server 6.6.2 - Local File Inclusion author: 0x_Akoko severity: high + description: PACSOne Server 6.6.2 is vulnerable to local file inclusion via its integrated DICOM Web Viewer. reference: - https://cxsecurity.com/issue/WLB-2018010303 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: pacsone,lfi requests: @@ -22,3 +27,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/phpwiki-lfi.yaml b/vulnerabilities/other/phpwiki-lfi.yaml index dda2c1fdb7..ba4b6fc48f 100644 --- a/vulnerabilities/other/phpwiki-lfi.yaml +++ b/vulnerabilities/other/phpwiki-lfi.yaml 
@@ -1,10 +1,10 @@ id: phpwiki-lfi info: - name: phpwiki 1.5.4 - XSS / Local File Inclusion + name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion author: 0x_Akoko severity: high - description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint. + description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint. reference: - https://www.exploit-db.com/exploits/38027 tags: phpwiki,lfi,xss @@ -24,3 +24,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/pmb-directory-traversal.yaml b/vulnerabilities/other/pmb-directory-traversal.yaml index 69934ef8a1..089982cb28 100644 --- a/vulnerabilities/other/pmb-directory-traversal.yaml +++ b/vulnerabilities/other/pmb-directory-traversal.yaml @@ -1,12 +1,16 @@ id: pmb-directory-traversal info: - name: PMB 5.6 - Arbitrary File Retrieval + name: PMB 5.6 - Local File Inclusion author: geeknik severity: medium - description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval. + description: PMB 5.6 is vulnerable to local file inclusion because the PMB Gif Image is not sanitizing the content of the 'chemin' parameter. reference: - https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi requests: @@ -25,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/pmb-local-file-disclosure.yaml b/vulnerabilities/other/pmb-local-file-disclosure.yaml index b67c0f99da..350073d353 100644 
--- a/vulnerabilities/other/pmb-local-file-disclosure.yaml +++ b/vulnerabilities/other/pmb-local-file-disclosure.yaml @@ -1,11 +1,16 @@ id: pmb-local-file-disclosure info: - name: PMB 5.6 - getgif.php Arbitrary File Retrieval + name: PMB 5.6 - Local File Inclusion author: dhiyaneshDk + description: PMB 5.6 is vulnerable to local file inclusion. severity: high reference: - https://www.exploit-db.com/exploits/49054 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,pmb requests: @@ -21,3 +26,5 @@ requests: - type: word words: - "root:x:0" + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/processmaker-lfi.yaml b/vulnerabilities/other/processmaker-lfi.yaml index 5645ae5556..070351c74e 100644 --- a/vulnerabilities/other/processmaker-lfi.yaml +++ b/vulnerabilities/other/processmaker-lfi.yaml @@ -1,13 +1,17 @@ id: processmaker-lfi info: - name: ProcessMaker <= 3.5.4 Directory Traversal + name: ProcessMaker <=3.5.4 - Local File Inclusion author: KrE80r severity: high - description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content. + description: ProcessMaker 3.5.4 and prior is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/50229 - https://www.processmaker.com + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: processmaker,lfi requests: @@ -26,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/sl-studio-lfi.yaml b/vulnerabilities/other/sl-studio-lfi.yaml index 15e7f3d46c..730224f295 100644 --- a/vulnerabilities/other/sl-studio-lfi.yaml +++ b/vulnerabilities/other/sl-studio-lfi.yaml 
@@ -1,11 +1,16 @@ id: sl-studio-lfi info: - name: Webbdesign SL-Studio Directory Traversal + name: Webbdesign SL-Studio - Local File Inclusion author: 0x_Akoko severity: high + description: Webbdesign SL-Studio is vulnerable to local file inclusion. reference: - https://cxsecurity.com/issue/WLB-2018110187 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 metadata: google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.' tags: slstudio,lfi @@ -24,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml b/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml index 88c4402fbb..04fa7863fa 100644 --- a/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml +++ b/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml @@ -1,13 +1,17 @@ id: sofneta-mecdream-pacs-lfi info: - name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal + name: Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion author: 0x_akoko severity: high - description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal + description: Softneta MedDream PACS Server Premium 6.7.1.1 is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/45347 - https://www.softneta.com/products/meddream-pacs-server/downloads.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 metadata: google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login tags: sofneta,lfi @@ -25,3 +29,5 @@ requests: - "fonts" - "extensions" condition: and + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/surrealtodo-lfi.yaml b/vulnerabilities/other/surrealtodo-lfi.yaml index 45fd2bb18d..432a090304 100644 --- a/vulnerabilities/other/surrealtodo-lfi.yaml 
+++ b/vulnerabilities/other/surrealtodo-lfi.yaml @@ -5,9 +5,13 @@ info: author: arafatansari severity: high description: | - Surreal ToDo is affected by Local File Inclusion on index.php via content parameter. + Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter. reference: - https://www.exploit-db.com/exploits/45826 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 metadata: verified: true tags: surreal,lfi @@ -26,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/symantec-messaging-gateway.yaml b/vulnerabilities/other/symantec-messaging-gateway.yaml index ab5c216ab1..7907c60241 100644 --- a/vulnerabilities/other/symantec-messaging-gateway.yaml +++ b/vulnerabilities/other/symantec-messaging-gateway.yaml @@ -1,10 +1,14 @@ id: symantec-messaging-gateway info: - name: Symantec Messaging Gateway LFI + name: Symantec Messaging Gateway <=10.6.1 - Local File Inclusion author: Random_Robbie severity: medium - description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal + description: Symantec Messaging Gateway 10.6.1 and prior are vulnerable to local file inclusion. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,messaging,symantec requests: @@ -21,3 +25,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/tpshop-directory-traversal.yaml b/vulnerabilities/other/tpshop-directory-traversal.yaml index e88bb55f43..2fd11e7655 100644 --- a/vulnerabilities/other/tpshop-directory-traversal.yaml +++ b/vulnerabilities/other/tpshop-directory-traversal.yaml 
@@ -1,11 +1,16 @@ id: tpshop-directory-traversal info: - name: TPshop Directory Traversal + name: TPshop - Local File Inclusion author: pikpikcu + description: TPshop is vulnerable to local file inclusion. severity: high reference: - https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: tpshop,lfi requests: @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/umbraco-base-ssrf.yaml b/vulnerabilities/other/umbraco-base-ssrf.yaml index 0966f25483..a5c50e095c 100644 --- a/vulnerabilities/other/umbraco-base-ssrf.yaml +++ b/vulnerabilities/other/umbraco-base-ssrf.yaml @@ -1,16 +1,16 @@ id: umbraco-base-ssrf info: - name: Umbraco v8.14.1 - 'baseUrl' SSRF + name: Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF) author: dhiyaneshDk severity: medium + description: Umbraco 8.1.4.1 allows attackers to use the baseUrl parameter to several programs to perform a server-side request forgery (SSRF) attack. reference: - https://www.exploit-db.com/exploits/50462 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N - cvss-score: 5.3 - cve-id: CVE-2020-10770 - cwe-id: CWE-601 + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 6.8 + cwe-id: CWE-918 metadata: verified: true shodan-query: http.html:"Umbraco" @@ -37,3 +37,5 @@ requests: - "len(body_1)==0" - "len(body_2)==0" - "len(body_3)==0" + +# Enhanced by cs 08/03/2022 diff --git a/vulnerabilities/other/viewlinc-crlf-injection.yaml b/vulnerabilities/other/viewlinc-crlf-injection.yaml index c17f20c71a..18b89426f1 100644 --- a/vulnerabilities/other/viewlinc-crlf-injection.yaml +++ b/vulnerabilities/other/viewlinc-crlf-injection.yaml 
@@ -1,10 +1,10 @@ id: viewlinc-crlf-injection info: - name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection. + name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack author: geeknik severity: low - description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned. + description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned. reference: - https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system tags: crlf,viewlinc @@ -29,3 +29,5 @@ requests: - "Set-Cookie: crlfinjection=crlfinjection" part: header condition: and + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/xerox-efi-lfi.yaml b/vulnerabilities/other/xerox-efi-lfi.yaml index 3bed6e8b43..f588029977 100644 --- a/vulnerabilities/other/xerox-efi-lfi.yaml +++ b/vulnerabilities/other/xerox-efi-lfi.yaml 
@@ -1,15 +1,18 @@ id: xerox-efi-lfi info: - name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure + name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion author: gy741 severity: high - description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary - files on the affected system. + description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php - https://packetstormsecurity.com/files/145570 - https://www.exploit-db.com/exploits/43398/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: iot,xerox,disclosure,lfi requests: @@ -26,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/other/yishaadmin-lfi.yaml b/vulnerabilities/other/yishaadmin-lfi.yaml index 3d516701fa..309317c0f8 100644 --- a/vulnerabilities/other/yishaadmin-lfi.yaml +++ b/vulnerabilities/other/yishaadmin-lfi.yaml 
@@ -1,13 +1,17 @@ id: yishaadmin-lfi info: - name: yishaadmin path traversal + name: yishaadmin - Local File Inclusion author: Evan Rubinstein severity: high - description: An endpoint in yshaadmin "/admin/File/DownloadFile" was improperly secured, allowing for files to be downloaded, read or deleted without any authentication. + description: yishaadmin is vulnerable to local file inclusion via the "/admin/File/DownloadFile" endpoint and allows files to be downloaded, read or deleted without any authentication. reference: - https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/ - https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,yishaadmin requests: @@ -25,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/ruijie/ruijie-networks-lfi.yaml b/vulnerabilities/ruijie/ruijie-networks-lfi.yaml index 796119899a..d601167120 100644 --- a/vulnerabilities/ruijie/ruijie-networks-lfi.yaml +++ b/vulnerabilities/ruijie/ruijie-networks-lfi.yaml 
@@ -1,12 +1,16 @@ id: ruijie-networks-lfi info: - name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI + name: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion author: pikpikcu severity: high - description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint. + description: Ruijie Networks Switch eWeb S29_RGOS 11.4 is vulnerable to local file inclusion and allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint. reference: - https://exploit-db.com/exploits/48755 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: ruijie,lfi requests: @@ -30,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/04 diff --git a/vulnerabilities/seeyon/wooyun-2015-148227.yaml b/vulnerabilities/seeyon/wooyun-2015-148227.yaml index 1ec81c7c9f..105f18c2f5 100644 --- a/vulnerabilities/seeyon/wooyun-2015-148227.yaml +++ b/vulnerabilities/seeyon/wooyun-2015-148227.yaml @@ -1,12 +1,16 @@ id: wooyun-2015-148227 info: - name: Seeyon WooYun LFR + name: Seeyon WooYun - Local File Inclusion author: princechaddha severity: high - description: A vulnerability in Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker. + description: Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker via local file inclusion. reference: - https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: seeyon,wooyun,lfi,zhiyuan requests: @@ -26,3 +30,5 @@ requests: part: header words: - "application/xml" + +# Enhanced by mp on 2022/08/04 
diff --git a/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml index f87a7c33a5..dd4fb7060c 100644 --- a/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml +++ b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml @@ -1,11 +1,16 @@ id: squirrelmail-lfi info: - name: SquirrelMail 1.2.11 Local File Inclusion + name: SquirrelMail 1.2.11 - Local File Inclusion author: dhiyaneshDk severity: high + description: SquirrelMail 1.2.11 is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/22793 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,squirrelmail requests: @@ -25,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05 diff --git a/vulnerabilities/thinkcmf/thinkcmf-lfi.yaml b/vulnerabilities/thinkcmf/thinkcmf-lfi.yaml index f226eaae21..ef1f4fab55 100644 --- a/vulnerabilities/thinkcmf/thinkcmf-lfi.yaml +++ b/vulnerabilities/thinkcmf/thinkcmf-lfi.yaml @@ -1,14 +1,19 @@ id: thinkcmf-lfi info: - name: ThinkCMF LFI + name: ThinkCMF - Local File Inclusion author: pikpikcu severity: high + description: ThinkCMF is vulnerable to local file inclusion. reference: - https://www.freebuf.com/vuls/217586.html metadata: win-payload: ../../../../../../../../../../../../../../../../windows/win.ini unix-payload: ../../../../../../../../../../../../../../../../etc/passwd + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: thinkcmf,lfi requests: @@ -29,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05 diff --git a/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml b/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml index a6ab46dae7..c696caa5bc 100644 --- a/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml +++ b/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml 
@@ -1,9 +1,14 @@ id: vmware-vcenter-lfi-linux info: - name: Vmware Vcenter LFI for Linux appliances + name: Linux Vmware Vcenter - Local File Inclusion author: PR3R00T severity: high + description: Linux appliance based Vmware Vcenter is vulnerable to local file inclusion. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: vmware,lfi,vcenter requests: @@ -14,3 +19,5 @@ requests: - type: word words: - "vCenter Server" + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml index 53a04713d1..16980da65d 100644 --- a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml +++ b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml @@ -1,12 +1,17 @@ id: vmware-vcenter-lfi info: - name: VMware vCenter Unauthenticated Arbitrary File Read + name: VMware vCenter - Local File Inclusion author: dwisiswant0 severity: high + description: VMware vCenter is vulnerable to local file inclusion. reference: - https://kb.vmware.com/s/article/7960893 - https://twitter.com/ptswarm/status/1316016337550938122 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: vmware,lfi,vcenter requests: @@ -30,3 +35,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml b/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml index 61101d9fa7..7bd4b239c2 100644 --- a/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml +++ b/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml 
@@ -1,11 +1,16 @@ id: ecology-filedownload-directory-traversal info: - name: Ecology Directory Traversal + name: Ecology - Local File Inclusion author: princechaddha severity: medium + description: Ecology is vulnerable to local file inclusion. metadata: fofa-query: app="泛微-协同办公OA" + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: ecology,lfi requests: @@ -21,3 +26,5 @@ requests: words: - "/weaver/" part: body + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml b/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml index 38a7c94887..a61d6e876e 100644 --- a/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml +++ b/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml @@ -1,9 +1,14 @@ id: ecology-springframework-directory-traversal info: - name: Ecology Springframework Directory Traversal + name: Ecology Springframework - Local File Inclusion author: princechaddha severity: medium + description: Ecology Springframework is vulnerable to local file inclusion. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: ecology,springframework,lfi requests: @@ -19,3 +24,5 @@ requests: words: - "/weaver/" part: body + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/ad-widget-lfi.yaml b/vulnerabilities/wordpress/ad-widget-lfi.yaml index 62964352e5..125fb8aa54 100644 --- a/vulnerabilities/wordpress/ad-widget-lfi.yaml +++ b/vulnerabilities/wordpress/ad-widget-lfi.yaml 
@@ -1,13 +1,17 @@ id: ad-widget-lfi info: - name: WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0) + name: WordPress Ad Widget 2.11.0 - Local File Inclusion author: 0x_Akoko severity: high - description: Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. + description: WordPress Ad Widget 2.11.0 is vulnerable to local file inclusion. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. reference: - https://cxsecurity.com/issue/WLB-2017100084 - https://plugins.trac.wordpress.org/changeset/1628751/ad-widget + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi requests: @@ -25,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml b/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml index fd86eaf40f..b337563594 100644 --- a/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml +++ b/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml @@ -1,12 +1,18 @@ id: admin-word-count-column-lfi info: - name: Admin word count column 2.2 - Arbitrary File Retrieval + name: WordPress Admin Word Count Column 2.2 - Local File Inclusion author: daffainfo,Splint3r7 severity: high + description: WordPress Admin Word Count Column 2.2 is vulnerable to local file inclusion. reference: - https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html - https://wordpress.org/plugins/admin-word-count-column/ + remediation: This plugin has been closed as of March 29, 2022 and is not available for download. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,wp requests: 
@@ -23,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/advanced-access-manager-lfi.yaml b/vulnerabilities/wordpress/advanced-access-manager-lfi.yaml index 9838f210f1..2a341dfb38 100644 --- a/vulnerabilities/wordpress/advanced-access-manager-lfi.yaml +++ b/vulnerabilities/wordpress/advanced-access-manager-lfi.yaml @@ -1,13 +1,17 @@ id: advanced-access-manager-lfi info: - name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion + name: WordPress Advanced Access Manager <5.9.9 - Local File Inclusion author: 0x_Akoko severity: high - description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers. + description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers. reference: - https://wpscan.com/vulnerability/9873 - https://id.wordpress.org/plugins/advanced-access-manager/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi requests: @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml b/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml index f9fc49bd56..53699b5520 100644 --- a/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml +++ b/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml 
@@ -1,12 +1,17 @@ id: amministrazione-aperta-lfi info: - name: Amministrazione Aperta 3.7.3 - Unauthenticated Local File Read + name: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion author: daffainfo,Splint3r7 severity: high + description: WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/50838 - https://wordpress.org/plugins/amministrazione-aperta + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,wp requests: @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/aspose-file-download.yaml b/vulnerabilities/wordpress/aspose-file-download.yaml index 2c4b91c5d4..327b07bcc8 100644 --- a/vulnerabilities/wordpress/aspose-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-file-download.yaml @@ -1,12 +1,16 @@ id: aspose-file-download info: - name: Wordpress Aspose Cloud eBook Generator - Arbitrary File Retrieval + name: Wordpress Aspose Cloud eBook Generator - Local File Inclusion author: 0x_Akoko severity: high - description: The Aspose Cloud eBook Generator WordPress plugin is affected by an arbitrary file retrieval vulnerability. + description: Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion. reference: - https://wpscan.com/vulnerability/7866 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,aspose,ebook requests: @@ -26,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/aspose-ie-file-download.yaml b/vulnerabilities/wordpress/aspose-ie-file-download.yaml index ae52c36233..18857d6187 100644 --- a/vulnerabilities/wordpress/aspose-ie-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-ie-file-download.yaml 
@@ -1,10 +1,10 @@ id: aspose-ie-file-download info: - name: Wordpress Aspose Importer & Exporter v1.0 - Arbitrary File Retrieval + name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion author: 0x_Akoko severity: high - description: The Aspose importer and Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability. + description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion. reference: - https://packetstormsecurity.com/files/131162/ - https://wordpress.org/plugins/aspose-importer-exporter @@ -27,3 +27,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/aspose-pdf-file-download.yaml b/vulnerabilities/wordpress/aspose-pdf-file-download.yaml index 48c499bc3a..d10395f6c7 100644 --- a/vulnerabilities/wordpress/aspose-pdf-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-pdf-file-download.yaml @@ -1,13 +1,17 @@ id: aspose-pdf-file-download info: - name: WordPress Aspose PDF Exporter - Arbitrary File Retrieval + name: WordPress Aspose PDF Exporter - Local File Inclusion author: 0x_Akoko severity: high - description: The Aspose.psf Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability. + description: WordPress Aspose PDF Exporter is vulnerable to local file inclusion. reference: - https://packetstormsecurity.com/files/131161 - https://wordpress.org/plugins/aspose-pdf-exporter + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,aspose requests: @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/aspose-words-file-download.yaml b/vulnerabilities/wordpress/aspose-words-file-download.yaml index ac80fecb8c..78a79b554e 100644 --- a/vulnerabilities/wordpress/aspose-words-file-download.yaml 
+++ b/vulnerabilities/wordpress/aspose-words-file-download.yaml @@ -1,13 +1,17 @@ id: aspose-words-file-download info: - name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval + name: WordPress Aspose Words Exporter <2.0 - Local File Inclusion author: 0x_Akoko severity: high - description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability. + description: WordPress Aspose Words Exporter prior to version 2.0 is vulnerable to local file inclusion. reference: - https://wpscan.com/vulnerability/7869 - https://wordpress.org/plugins/aspose-doc-exporter + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,aspose requests: @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/brandfolder-lfi.yaml b/vulnerabilities/wordpress/brandfolder-lfi.yaml index 2cb1f03bf0..1a5a150ccf 100644 --- a/vulnerabilities/wordpress/brandfolder-lfi.yaml +++ b/vulnerabilities/wordpress/brandfolder-lfi.yaml @@ -1,13 +1,17 @@ id: brandfolder-lfi info: - name: Wordpress brandfolder plugin - RFI & LFI + name: Wordpress Brandfolder - Remote/Local File Inclusion author: 0x_Akoko severity: high - description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content. + description: WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content. reference: - https://www.exploit-db.com/exploits/39591 - https://cxsecurity.com/issue/WLB-2016030120 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,rfi requests: @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 
diff --git a/vulnerabilities/wordpress/brandfolder-open-redirect.yaml b/vulnerabilities/wordpress/brandfolder-open-redirect.yaml index 2ef16f2ea4..7c050c1701 100644 --- a/vulnerabilities/wordpress/brandfolder-open-redirect.yaml +++ b/vulnerabilities/wordpress/brandfolder-open-redirect.yaml @@ -1,10 +1,10 @@ id: brandfolder-open-redirect info: - name: WordPress Brandfolder Plugin Open Redirect + name: WordPress Brandfolder - Remote/Local File Inclusion author: 0x_Akoko severity: low - description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it. + description: WordPress Brandfolder is vulnerable to remote/local file inclusion and allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it. reference: - https://www.exploit-db.com/exploits/39591 tags: wordpress,wp-plugin,lfi,rfi @@ -19,3 +19,5 @@ requests: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' part: header + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/cab-fare-calculator-lfi.yaml b/vulnerabilities/wordpress/cab-fare-calculator-lfi.yaml index a668258b91..44c69bf0ff 100644 --- a/vulnerabilities/wordpress/cab-fare-calculator-lfi.yaml +++ b/vulnerabilities/wordpress/cab-fare-calculator-lfi.yaml 
@@ -1,12 +1,17 @@ id: cab-fare-calculator-lfi info: - name: Cab fare calculator 1.0.3 - Unauthenticated Local File Inclusion + name: WordPress Cab fare calculator 1.0.3 - Local File Inclusion author: Hassan Khan Yusufzai - Splint3r7 severity: high + description: WordPress Cab fare calculator 1.0.3 is vulnerable to local file inclusion. reference: - https://www.exploit-db.com/exploits/50843 - https://wordpress.org/plugins/cab-fare-calculator + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,wp requests: @@ -23,3 +28,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/01 diff --git a/vulnerabilities/wordpress/church-admin-lfi.yaml b/vulnerabilities/wordpress/church-admin-lfi.yaml index 9885353c52..4de824478b 100644 --- a/vulnerabilities/wordpress/church-admin-lfi.yaml +++ b/vulnerabilities/wordpress/church-admin-lfi.yaml @@ -1,13 +1,17 @@ id: church-admin-lfi info: - name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal + name: WordPress Church Admin 0.33.2.1 - Local File Inclusion author: 0x_Akoko severity: high - description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack. + description: WordPress Church Admin 0.33.2.1 is vulnerable to local file inclusion via the "key" parameter of plugins/church-admin/display/download.php. reference: - https://wpscan.com/vulnerability/8997 - https://id.wordpress.org/plugins/church-admin/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi requests: @@ -25,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05 diff --git a/vulnerabilities/wordpress/db-backup-lfi.yaml b/vulnerabilities/wordpress/db-backup-lfi.yaml index 48dcb57edf..ad45d744d3 100644 
--- a/vulnerabilities/wordpress/db-backup-lfi.yaml +++ b/vulnerabilities/wordpress/db-backup-lfi.yaml @@ -1,14 +1,17 @@ id: db-backup-lfi info: - name: DB Backup <= 4.5 - Path Traversal File Access + name: WordPress DB Backup <=4.5 - Local File Inclusion author: dhiyaneshDK severity: high - description: WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive - information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected. + description: WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. reference: - https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536 - https://www.exploit-db.com/exploits/35378 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,wp requests: @@ -28,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05 diff --git a/vulnerabilities/wordpress/hb-audio-lfi.yaml b/vulnerabilities/wordpress/hb-audio-lfi.yaml index 4a0e7ea744..f08ce72326 100644 --- a/vulnerabilities/wordpress/hb-audio-lfi.yaml +++ b/vulnerabilities/wordpress/hb-audio-lfi.yaml 
@@ -1,13 +1,18 @@ id: hb-audio-lfi info: - name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Retrieval + name: Wordpress HB Audio Gallery Lite - Local File Inclusion author: dhiyaneshDK severity: high + description: Wordpress HB Audio Gallery Lite is vulnerable to local file inclusion. reference: - https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html metadata: google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-plugin,lfi,wp requests: @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05 diff --git a/vulnerabilities/wordpress/health-check-lfi.yaml b/vulnerabilities/wordpress/health-check-lfi.yaml index c6e1a39f3c..93204f2239 100644 --- a/vulnerabilities/wordpress/health-check-lfi.yaml +++ b/vulnerabilities/wordpress/health-check-lfi.yaml @@ -1,14 +1,18 @@ id: health-check-lfi info: - name: Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal + name: WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion author: DhiyaneshDK severity: high - description: The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability. - remediation: Fixed in version 1.2.4 + description: WordPress Health Check & Troubleshooting prior to 1.2.4 is vulnerable to local file inclusion. Exploitation does require authentication. + remediation: Upgrade to version 1.2.4 or later. reference: - https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a - https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr requests: 
@@ -43,3 +47,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05 diff --git a/vulnerabilities/wordpress/mthemeunus-lfi.yaml b/vulnerabilities/wordpress/mthemeunus-lfi.yaml index bb1b5770e5..e767f777fa 100644 --- a/vulnerabilities/wordpress/mthemeunus-lfi.yaml +++ b/vulnerabilities/wordpress/mthemeunus-lfi.yaml @@ -1,13 +1,17 @@ id: mthemeunus-lfi info: - name: mTheme-Unus Theme - Local File Inclusion (LFI) + name: WordPress mTheme-Unus Theme - Local File Inclusion author: dhiyaneshDk severity: high - description: The mTheme-Unus WordPress Theme was affected by a css.php Local File Inclusion security vulnerability. + description: WordPress mTheme-Unus Theme is vulnerable to local file inclusion via css.php. reference: - https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb - https://packetstormsecurity.com/files/133778/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-22 tags: wordpress,wp-theme,lfi,wordpress,mtheme requests: @@ -27,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/08/05
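Review bot: In vulnerabilities/other/pmb-local-file-disclosure.yaml the rename drops "getgif.php" from the name, and the new description ("PMB 5.6 is vulnerable to local file inclusion.") does not carry it over, so the template no longer says which script is affected. Keep the endpoint in the description, as the xerox-efi-lfi.yaml and church-admin-lfi.yaml hunks do for their parameters. The same hunk, and the one for tpshop-directory-traversal.yaml, also insert description above severity, while the other templates touched here put it below; pick one order.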
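Review bot: The classification blocks added to vulnerabilities/other/symantec-messaging-gateway.yaml, ecology-filedownload-directory-traversal.yaml and ecology-springframework-directory-traversal.yaml set cvss-score: 7.5, but the unchanged context line in each still reads severity: medium. A 7.5 base score falls in the CVSS v3 High band, so either raise severity to high or revisit the vector so the two fields agree.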
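Review bot: In vulnerabilities/other/umbraco-base-ssrf.yaml the added description gives the version as "8.1.4.1" while the new name two lines above says "8.14.1" (and the old name said v8.14.1); fix the description to match. "the baseUrl parameter to several programs" is also unclear and would read better naming what accepts the parameter. The trailer "# Enhanced by cs 08/03/2022" uses a different format from the "# Enhanced by mp on 2022/08/04" trailers in the rest of the patch.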
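Review bot: In vulnerabilities/other/yishaadmin-lfi.yaml the new description says files can be "downloaded, read or deleted without any authentication", but the added vector ends in C:H/I:N/A:N, which scores a read-only issue. If deletion is reachable through the same endpoint, the integrity and availability metrics and the score need to reflect it; if it is not, drop "deleted" from the description.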
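Review bot: Product casing in the renamed titles is inconsistent. vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml now reads "Linux Vmware Vcenter - Local File Inclusion" and its description "Vmware Vcenter", while the sibling vmware-vcenter-lfi.yaml hunk uses "VMware vCenter". Likewise aspose-file-download.yaml and hb-audio-lfi.yaml keep "Wordpress" in name and description where the other WordPress templates in this patch use "WordPress". Since the purpose of the change is to normalize names, align these.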
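Review bot: The hunk for vulnerabilities/wordpress/aspose-ie-file-download.yaml changes only name and description and adds no classification block, whereas the aspose-file-download.yaml, aspose-pdf-file-download.yaml and aspose-words-file-download.yaml hunks next to it each add cvss-metrics, cvss-score and cwe-id: CWE-22. If the omission is not deliberate, add the same block here so the four Aspose templates stay consistent.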
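Review bot: In vulnerabilities/wordpress/brandfolder-lfi.yaml the new name is "Remote/Local File Inclusion" and the description covers files on "the local and remote server", but the added classification lists only cwe-id: CWE-22, which covers path traversal on the local side. Consider adding CWE-98 for the remote include, or narrow the name to what CWE-22 describes. The name also keeps "Wordpress" where the description on the next line uses "WordPress".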
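Review bot: In vulnerabilities/wordpress/brandfolder-open-redirect.yaml the name changes from "Open Redirect" to "Remote/Local File Inclusion", yet the id is still brandfolder-open-redirect, the description still ends with "which will redirect the victim to it", severity stays low, and the matcher in the context lines checks a Location header pointing at interact.sh. The template detects a redirect, so the rename mislabels it and duplicates the title of brandfolder-lfi.yaml; keep "Open Redirect" in the name and description.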
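Review bot: In vulnerabilities/wordpress/health-check-lfi.yaml the new name reads "<1.24" while the description and remediation both say 1.2.4; the name should be "<1.2.4". The added vector also uses PR:N, which contradicts the description's "Exploitation does require authentication" and the authenticated tag on the context line below; set the privileges-required metric to match and recompute cvss-score.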