Dashboard Content Enhancements (#5009)

Dashboard Content Enhancements
patch-1
MostInterestingBotInTheWorld 2022-08-05 09:57:51 -04:00 committed by GitHub
parent 64cd216ab5
commit b2e886f09b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
65 changed files with 473 additions and 115 deletions

View File

@ -1,4 +1,4 @@
id: eyou-email-rce id: CVE-2014-1203
info: info:
name: Eyou E-Mail <3.6 - Remote Code Execution name: Eyou E-Mail <3.6 - Remote Code Execution
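Review bot: the id on the first line changes from eyou-email-rce to CVE-2014-1203, which breaks any workflow, include list or exclude list that selects this template by its old id. Mention the rename in the commit message, and check that the info block carries a matching cve-id under classification, since this hunk does not show one.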

View File

@ -1,15 +1,14 @@
id: CVE-2016-10367 id: CVE-2016-10367
info: info:
name: Opsview Monitor Pro - Unauthenticated Directory Traversal name: Opsview Monitor Pro - Local File Inclusion
author: 0x_akoko author: 0x_akoko
severity: high severity: high
description: The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.
reference: reference:
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774
- https://www.cvedetails.com/cve/CVE-2016-10367
- https://nvd.nist.gov/vuln/detail/CVE-2016-10367
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341 - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
- https://nvd.nist.gov/vuln/detail/CVE-2016-10367
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5 cvss-score: 7.5
@ -35,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 404 - 404
# Enhanced by mp on 2022/08/03

View File

@ -1,15 +1,15 @@
id: CVE-2019-10717 id: CVE-2019-10717
info: info:
name: BlogEngine.NET 3.3.7.0 - Directory Traversal name: BlogEngine.NET 3.3.7.0 - Local File Inclusion
author: arafatansari author: arafatansari
severity: high severity: high
description: | description: |
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
reference: reference:
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect - https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
- https://nvd.nist.gov/vuln/detail/CVE-2019-10717
- https://github.com/rxtur/BlogEngine.NET/commits/master - https://github.com/rxtur/BlogEngine.NET/commits/master
- https://nvd.nist.gov/vuln/detail/CVE-2019-10717
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
cvss-score: 7.1 cvss-score: 7.1
@ -39,3 +39,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,10 +1,10 @@
id: CVE-2020-10770 id: CVE-2020-10770
info: info:
name: Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated) name: Keycloak 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
author: dhiyaneshDk author: dhiyaneshDk
severity: medium severity: medium
description: A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack. description: Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
reference: reference:
- https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html - https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
- https://www.exploit-db.com/exploits/50405 - https://www.exploit-db.com/exploits/50405
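Review bot: the rewritten description replaces "before 13.0.0" with "12.0.1 and below", which drops the fixed-version boundary the old text gave. Keep the "before 13.0.0" wording unless a source supports the narrower range, and carry the "(Unauthenticated)" qualifier removed from the name into the description so that detail is not lost.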
@ -27,3 +27,5 @@ requests:
part: interactsh_protocol # Confirms the HTTP Interaction part: interactsh_protocol # Confirms the HTTP Interaction
words: words:
- "http" - "http"
# Enhanced by cs 08/03/2022
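Review bot: the trailing comment here uses "08/03/2022", while the other files in this commit use "2022/08/03"; the slash-separated month-first form is ambiguous between 3 August and 8 March. Use one date format across the commit, preferably the year-first one already used elsewhere.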

View File

@ -4,14 +4,14 @@ info:
name: Reprise License Manager 14.2 - Authentication Bypass name: Reprise License Manager 14.2 - Authentication Bypass
author: Akincibor author: Akincibor
severity: critical severity: critical
description: Reprise License Manager (RLM( 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user. description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
reference: reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152 - https://nvd.nist.gov/vuln/detail/CVE-2021-44152
classification: classification:
cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 10.0 cvss-score: 9.8
cve-id: CVE-2021-44152 cve-id: CVE-2021-44152
cwe-id: CWE-288 cwe-id: CWE-287
tags: unauth,rlm tags: unauth,rlm
requests: requests:
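Review bot: on the cwe-id line, CWE-288 becomes the broader CWE-287 with no source given, and the only reference is the NVD entry; state which record the new value follows. The vector change itself checks out: the old "CVSS:10.0/..." prefix was not a valid CVSS version, and the new 3.1 vector with S:U scores 9.8, which matches the new cvss-score.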

View File

@ -1,11 +1,16 @@
id: dlink-file-read id: dlink-file-read
info: info:
name: D-Link - Arbitrary File Retrieval name: D-Link - Local File Inclusion
author: dhiyaneshDK author: dhiyaneshDK
severity: high severity: high
description: D-Link is vulnerable to local file inclusion.
reference: reference:
- https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html - https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: dlink,lfi tags: dlink,lfi
requests: requests:
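Review bot: the added classification uses cwe-id CWE-522 (insufficiently protected credentials) and a vector ending S:C/C:L/I:L/A:L, neither of which fits a file-read finding; the other file-read templates in this commit get CWE-22 with C:H/I:N/A:N. Align this block with those or cite the source for the values. The new description also names only "D-Link", although the reference URL concerns the DAP-2020.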
@ -25,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,13 +1,17 @@
id: jolokia-unauthenticated-lfi id: jolokia-unauthenticated-lfi
info: info:
name: Jolokia - Unauthenticated Local File Read name: Jolokia - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: This exploit allow you to File read with compilerDirectivesAdd description: Jolokia is vulnerable to local file inclusion via compilerDirectivesAdd.
reference: reference:
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/ - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
- https://github.com/laluka/jolokia-exploitation-toolkit - https://github.com/laluka/jolokia-exploitation-toolkit
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
tags: jolokia,springboot,tomcat,lfi tags: jolokia,springboot,tomcat,lfi
requests: requests:
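Review bot: the classification block added before the tags line repeats the CWE-522 and S:C/C:L/I:L/A:L values, which describe credential exposure with partial integrity and availability impact rather than the file read this template's name and lfi tag claim. Use the CWE-22 block applied to the other lfi templates in this commit, or document why this one differs.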
@ -29,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,9 +1,14 @@
id: elfinder-detect id: elfinder-detect
info: info:
name: elFinder Detect name: elFinder - Install Detection
author: pikpikcu author: pikpikcu
description: An elFinder implementation was discovered.
severity: info severity: info
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
tags: tech,elfinder tags: tech,elfinder
requests: requests:
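Review bot: the new description line sits between author and severity, whereas other hunks in this commit, such as dlink-file-read, place it after severity; pick one field order for the info block. A classification with cvss-score 0.0 and CWE-200 on an info-level detection template also makes a plain technology fingerprint read as a finding, so consider leaving the block off detect-only templates.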
@ -24,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -10,7 +10,6 @@ info:
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8 cvss-score: 9.8
cve-id: CVE-2020-22210
cwe-id: CWE-89 cwe-id: CWE-89
tags: 74cms,sqli tags: 74cms,sqli
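Review bot: the cve-id line (CVE-2020-22210) is removed while the 9.8 vector and CWE-89 stay, and the commit message "Dashboard Content Enhancements" gives no reason. If the CVE was misattributed to this template, say so in the commit message so the removal can be verified; otherwise restore the line.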

View File

@ -1,11 +1,16 @@
id: hjtcloud-rest-arbitrary-file-read id: hjtcloud-rest-arbitrary-file-read
info: info:
name: HJTcloud Arbitrary file read name: HJTcloud - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: low severity: low
description: HJTcloud is vulnerable to local file inclusion.
reference: reference:
- https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw - https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: hjtcloud,lfi tags: hjtcloud,lfi
requests: requests:
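Review bot: severity stays "low" while the added classification gives cvss-score 7.5, which falls in the CVSS high range. Update the severity line to match the score, or lower the vector if low is the intended rating.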
@ -33,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,12 +1,16 @@
id: hrsale-unauthenticated-lfi id: hrsale-unauthenticated-lfi
info: info:
name: Hrsale 2.0.0 - Hrsale Unauthenticated Lfi name: Hrsale 2.0.0 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: This exploit allow you to download any readable file from server without permission and login session description: Hrsale 2.0.0 is vulnerable to local file inclusion. This exploit allow you to download any readable file from server without permission and login session
reference: reference:
- https://www.exploit-db.com/exploits/48920 - https://www.exploit-db.com/exploits/48920
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: hrsale,lfi tags: hrsale,lfi
requests: requests:
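Review bot: the new description keeps the original sentence "This exploit allow you to download any readable file from server without permission and login session" verbatim, with its grammar errors and no closing period. Since this commit is a content cleanup, rewrite it in the same style as the other descriptions, for example stating that unauthenticated users can download any readable file from the server.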
@ -24,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: huawei-hg659-lfi id: huawei-hg659-lfi
info: info:
name: HUAWEI HG659 LFI name: HUAWEI HG659 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: HUAWEI HG659 is vulnerable to local file inclusion.
reference: reference:
- https://twitter.com/sec715/status/1406782172443287559 - https://twitter.com/sec715/status/1406782172443287559
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,huawei tags: lfi,huawei
requests: requests:
@ -24,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,8 +1,9 @@
id: huijietong-cloud-fileread id: huijietong-cloud-fileread
info: info:
name: Huijietong Cloud File Read name: Huijietong - Local File Inclusion
author: princechaddha,ritikchaddha author: princechaddha,ritikchaddha
description: Huijietong is vulnerable to local file inclusion.
severity: high severity: high
metadata: metadata:
fofa-query: body="/him/api/rest/v1.0/node/role" fofa-query: body="/him/api/rest/v1.0/node/role"
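Review bot: this file gains only the description line, placed between author and severity, and no classification block, although severity is high and the other lfi templates in this commit receive CWE-22 with a 7.5 score. Add the same classification here or note why it is omitted, and keep the description after severity to match the other files.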
@ -31,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: interlib-fileread id: interlib-fileread
info: info:
name: Interlib Fileread name: Interlib - Local File Inclusion
author: pikpikcu author: pikpikcu
description: Interlib is vulnerable to local file inclusion.
severity: high severity: high
reference: reference:
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: interlib,lfi tags: interlib,lfi
requests: requests:
@ -26,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: jeewms-lfi id: jeewms-lfi
info: info:
name: JEEWMS LFI name: JEEWMS - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: JEEWMS is vulnerable to local file inclusion.
reference: reference:
- https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g - https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: jeewms,lfi tags: jeewms,lfi
requests: requests:
@ -33,3 +38,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,14 +1,17 @@
id: jinfornet-jreport-lfi id: jinfornet-jreport-lfi
info: info:
name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal name: Jinfornet Jreport 15.6 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission. description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.
This vulnerability affects Windows and Unix operating systems.
reference: reference:
- https://cxsecurity.com/issue/WLB-2020030151 - https://cxsecurity.com/issue/WLB-2020030151
- https://www.jinfonet.com/product/download-jreport/ - https://www.jinfonet.com/product/download-jreport/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: jreport,jinfornet,lfi tags: jreport,jinfornet,lfi
requests: requests:
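Review bot: the rewritten description introduces two typos, "incluion" and "Exploitaiton"; correct them to "inclusion" and "Exploitation". The rest of the merge of the two old description lines into one is fine.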
@ -26,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: joomla-com-fabrik-lfi id: joomla-com-fabrik-lfi
info: info:
name: Joomla! com_fabrik 3.9.11 - Directory Traversal name: Joomla! com_fabrik 3.9.11 - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: Joomla! com_fabrik 3.9.11 is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/48263 - https://www.exploit-db.com/exploits/48263
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: joomla,lfi tags: joomla,lfi
requests: requests:
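Review bot: the name changes from "Directory Traversal" to "Local File Inclusion" while the added cwe-id is CWE-22, which is the path traversal class, so the title and the classification now use different terms for the same issue. Either keep the traversal wording in the name or explain in the commit message that LFI is the house label for CWE-22 findings.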
@ -26,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,13 +1,17 @@
id: karel-ip-phone-lfi id: karel-ip-phone-lfi
info: info:
name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter. description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
reference: reference:
- https://cxsecurity.com/issue/WLB-2020100038 - https://cxsecurity.com/issue/WLB-2020100038
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: karel,lfi tags: karel,lfi
requests: requests:
@ -26,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,12 +1,16 @@
id: kingdee-eas-directory-traversal id: kingdee-eas-directory-traversal
info: info:
name: Kingdee EAS - Directory Traversal name: Kingdee EAS - Local File Inclusion
author: ritikchaddha author: ritikchaddha
severity: medium severity: medium
description: Kingdee OA server_file has a directory traversal vulnerability, attackers can obtain sensitive server information through directory traversal. description: Kingdee EAS OA server_file is vulnerable to local file inclusion and can allow attackers to obtain sensitive server information.
reference: reference:
- https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md - https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: kingdee,lfi,traversal tags: kingdee,lfi,traversal
requests: requests:
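Review bot: severity remains "medium" while the added cvss-score is 7.5, which is in the high range; bring the two into agreement. The id and tags also still say "directory-traversal" and "traversal" after the name was changed to Local File Inclusion, so the template now carries both labels.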
@ -33,3 +37,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: kingsoft-v8-file-read id: kingsoft-v8-file-read
info: info:
name: Kingsoft V8 File Read name: Kingsoft 8 - Local File Inclusion
author: ritikchaddha author: ritikchaddha
severity: high severity: high
description: Kingsoft 8 is vulnerable to local file inclusion.
reference: reference:
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: kingsoft,lfi tags: kingsoft,lfi
requests: requests:
@ -30,3 +35,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,13 +1,17 @@
id: kyocera-m2035dn-lfi id: kyocera-m2035dn-lfi
info: info:
name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval name: Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval. description: Kyocera Command Center RX ECOSYS M2035dn is vulnerable to unauthenticated local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/50738 - https://www.exploit-db.com/exploits/50738
- https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html - https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: printer,iot,kyocera,lfi tags: printer,iot,kyocera,lfi
requests: requests:
@ -24,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/03

View File

@ -1,15 +1,20 @@
id: nsasg-arbitrary-file-read id: nsasg-arbitrary-file-read
info: info:
name: NS ASG Arbitrary File Read name: NS ASG - Local File Inclusion
author: pikpikcu,ritikchaddha author: pikpikcu,ritikchaddha
severity: high severity: high
description: NS ASG is vulnerable to local file inclusion.
reference: reference:
- https://zhuanlan.zhihu.com/p/368054963 - https://zhuanlan.zhihu.com/p/368054963
- http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md - http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md
metadata: metadata:
fofa-query: app="网康科技-NS-ASG安全网关" fofa-query: app="网康科技-NS-ASG安全网关"
shodan-query: http.title:“NS-ASG” shodan-query: http.title:“NS-ASG”
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: nsasg,lfi tags: nsasg,lfi
requests: requests:
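Review bot: the shodan-query line in this hunk, http.title:“NS-ASG”, uses typographic quotes, which a search engine will treat as literal characters rather than string delimiters. Since the metadata block is being touched here, replace them with straight double quotes.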
@ -31,3 +36,5 @@ requests:
- "$certfile" - "$certfile"
- "application/pdf" - "application/pdf"
condition: and condition: and
# Enhanced by mp on 2022/08/03

View File

@ -1,11 +1,16 @@
id: nuuo-file-inclusion id: nuuo-file-inclusion
info: info:
name: NUUO NVRmini 2 v3.0.8 - Atrbitary File Retrieval name: NUUO NVRmini 2 3.0.8 - Local File Inclusion
author: princechaddha author: princechaddha
severity: high severity: high
description: NUUO NVRmini 2 3.0.8 is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/40211 - https://www.exploit-db.com/exploits/40211
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: nuuo,lfi tags: nuuo,lfi
requests: requests:
@ -28,3 +33,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: oliver-library-lfi id: oliver-library-lfi
info: info:
name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval name: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
author: gy741 author: gy741
severity: high severity: high
description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input. description: Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function.
reference: reference:
- https://www.exploit-db.com/exploits/50599 - https://www.exploit-db.com/exploits/50599
- https://www.softlinkint.com/product/oliver/ - https://www.softlinkint.com/product/oliver/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: windows,lfi,oliver tags: windows,lfi,oliver
requests: requests:
@ -23,3 +27,5 @@ requests:
- "fonts" - "fonts"
- "extensions" - "extensions"
condition: and condition: and
# Enhanced by mp on 2022/08/04

View File

@ -1,15 +1,20 @@
id: opencti-lfi id: opencti-lfi
info: info:
name: OpenCTI 3.3.1 - Directory Traversal name: OpenCTI 3.3.1 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: OpenCTI 3.3.1 is vulnerable to local file inclusion.
reference: reference:
- https://cxsecurity.com/issue/WLB-2020060078 - https://cxsecurity.com/issue/WLB-2020060078
- https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1 - https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"OpenCTI" shodan-query: http.html:"OpenCTI"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: opencti,lfi,oss tags: opencti,lfi,oss
requests: requests:
@ -27,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,16 @@
id: opensis-lfi id: opensis-lfi
info: info:
name: openSIS 5.1 - 'ajax.php' Local File Inclusion name: openSIS 5.1 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: An attacker can exploit a vulnerability in openSIS to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker description: openSIS 5.1 is vulnerable to local file inclusion and allows attackers to obtain potentially sensitive information by executing arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible.
to compromise the application and computer; other attacks are also possible.
reference: reference:
- https://www.exploit-db.com/exploits/38039 - https://www.exploit-db.com/exploits/38039
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: opensis,lfi tags: opensis,lfi
requests: requests:
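Review bot: the rewritten description changes the meaning of the original, from obtaining information "and" executing local scripts to obtaining information "by executing" local scripts. It also conflicts with the added vector, whose I:N/A:N says there is no integrity or availability impact while the text still says the attacker may compromise the application and computer. Restore the original conjunction and choose a vector that matches the stated impact; the 'ajax.php' detail dropped from the name could move into the description.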
@ -26,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,17 @@
id: orbiteam-bscw-server-lfi id: orbiteam-bscw-server-lfi
info: info:
name: OrbiTeam BSCW Server - Unauthenticated LFI name: OrbiTeam BSCW Server - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: | description: |
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below are vulnerable to unauthenticated local file inclusion.
reference: reference:
- https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html - https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: bscw,orbiteam,lfi,unauth tags: bscw,orbiteam,lfi,unauth
requests: requests:
@ -24,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: pacsone-server-lfi id: pacsone-server-lfi
info: info:
name: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal name: PACSOne Server 6.6.2 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: PACSOne Server 6.6.2 is vulnerable to local file inclusion via its integrated DICOM Web Viewer.
reference: reference:
- https://cxsecurity.com/issue/WLB-2018010303 - https://cxsecurity.com/issue/WLB-2018010303
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: pacsone,lfi tags: pacsone,lfi
requests: requests:
@ -22,3 +27,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,10 +1,10 @@
id: phpwiki-lfi id: phpwiki-lfi
info: info:
name: phpwiki 1.5.4 - XSS / Local File Inclusion name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint. description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
reference: reference:
- https://www.exploit-db.com/exploits/38027 - https://www.exploit-db.com/exploits/38027
tags: phpwiki,lfi,xss tags: phpwiki,lfi,xss
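Review bot: the new description asserts cross-site scripting but then describes only the file inclusion via 'index.php', so the XSS claim has no supporting detail. Either describe the XSS vector or drop it from the description. This file also receives no classification block, unlike the other lfi templates in the commit.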
@ -24,3 +24,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,16 @@
id: pmb-directory-traversal id: pmb-directory-traversal
info: info:
name: PMB 5.6 - Arbitrary File Retrieval name: PMB 5.6 - Local File Inclusion
author: geeknik author: geeknik
severity: medium severity: medium
description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval. description: PMB 5.6 is vulnerable to local file inclusion because the PMB Gif Image is not sanitizing the content of the 'chemin' parameter.
reference: reference:
- https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html - https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi tags: lfi
requests: requests:
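Review bot: severity is left at "medium" while the added classification scores 7.5, which is high; the pmb-local-file-disclosure template for the same product is rated high. Align the severity line with the score.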
@ -25,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: pmb-local-file-disclosure id: pmb-local-file-disclosure
info: info:
name: PMB 5.6 - getgif.php Arbitrary File Retrieval name: PMB 5.6 - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
description: PMB 5.6 is vulnerable to local file inclusion.
severity: high severity: high
reference: reference:
- https://www.exploit-db.com/exploits/49054 - https://www.exploit-db.com/exploits/49054
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,pmb tags: lfi,pmb
requests: requests:
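Review bot: dropping "getgif.php" from the name makes it identical to the name of pmb-directory-traversal, "PMB 5.6 - Local File Inclusion", so the two templates cannot be told apart in scan output or a dashboard listing. Keep a distinguishing element in one of the names, such as the endpoint or the 'chemin' parameter.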
@ -21,3 +26,5 @@ requests:
- type: word - type: word
words: words:
- "root:x:0" - "root:x:0"
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: processmaker-lfi id: processmaker-lfi
info: info:
name: ProcessMaker <= 3.5.4 Directory Traversal name: ProcessMaker <=3.5.4 - Local File Inclusion
author: KrE80r author: KrE80r
severity: high severity: high
description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content. description: ProcessMaker 3.5.4 and prior is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/50229 - https://www.exploit-db.com/exploits/50229
- https://www.processmaker.com - https://www.processmaker.com
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: processmaker,lfi tags: processmaker,lfi
requests: requests:
@ -26,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: sl-studio-lfi id: sl-studio-lfi
info: info:
name: Webbdesign SL-Studio Directory Traversal name: Webbdesign SL-Studio - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Webbdesign SL-Studio is vulnerable to local file inclusion.
reference: reference:
- https://cxsecurity.com/issue/WLB-2018110187 - https://cxsecurity.com/issue/WLB-2018110187
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata: metadata:
google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.' google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.'
tags: slstudio,lfi tags: slstudio,lfi
@ -24,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: sofneta-mecdream-pacs-lfi id: sofneta-mecdream-pacs-lfi
info: info:
name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal name: Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion
author: 0x_akoko author: 0x_akoko
severity: high severity: high
description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal description: Softneta MedDream PACS Server Premium 6.7.1.1 is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/45347 - https://www.exploit-db.com/exploits/45347
- https://www.softneta.com/products/meddream-pacs-server/downloads.html - https://www.softneta.com/products/meddream-pacs-server/downloads.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata: metadata:
google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
tags: sofneta,lfi tags: sofneta,lfi
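Review bot: the id `sofneta-mecdream-pacs-lfi` and the tag `sofneta` in this hunk still misspell the product that the rewritten name and description call Softneta MedDream. Since the metadata is being cleaned up here anyway, correct the tag to `softneta`, and either rename the id (if nothing depends on the old value) or add a comment saying the old spelling is kept for compatibility.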
@ -25,3 +29,5 @@ requests:
- "fonts" - "fonts"
- "extensions" - "extensions"
condition: and condition: and
# Enhanced by mp on 2022/08/04

View File

@ -5,9 +5,13 @@ info:
author: arafatansari author: arafatansari
severity: high severity: high
description: | description: |
Surreal ToDo is affected by Local File Inclusion on index.php via content parameter. Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter.
reference: reference:
- https://www.exploit-db.com/exploits/45826 - https://www.exploit-db.com/exploits/45826
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
metadata: metadata:
verified: true verified: true
tags: surreal,lfi tags: surreal,lfi
@ -26,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,10 +1,14 @@
id: symantec-messaging-gateway id: symantec-messaging-gateway
info: info:
name: Symantec Messaging Gateway LFI name: Symantec Messaging Gateway <=10.6.1 - Local File Inclusion
author: Random_Robbie author: Random_Robbie
severity: medium severity: medium
description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal description: Symantec Messaging Gateway 10.6.1 and prior are vulnerable to local file inclusion.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,messaging,symantec tags: lfi,messaging,symantec
requests: requests:
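Review bot: `severity: medium` is left untouched while the added classification block gives `cvss-score: 7.5`, which falls in the High band (7.0 to 8.9) of CVSS v3. Either raise the severity to high or pick a vector that justifies medium, so that consumers filtering on one field do not disagree with consumers filtering on the other. The template also has no `reference:` entry backing the `<=10.6.1` bound that the new name states; add one if a source is available.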
@ -21,3 +25,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: tpshop-directory-traversal id: tpshop-directory-traversal
info: info:
name: TPshop Directory Traversal name: TPshop - Local File Inclusion
author: pikpikcu author: pikpikcu
description: TPshop is vulnerable to local file inclusion.
severity: high severity: high
reference: reference:
- https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA - https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: tpshop,lfi tags: tpshop,lfi
requests: requests:
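Review bot: the new `description:` line is inserted between `author` and `severity`, whereas the other templates touched by this commit place it after `severity`. Move it below `severity` for consistent field order. The id `tpshop-directory-traversal` also still carries the terminology the name is being moved away from; note whether that is intentional.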
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,16 +1,16 @@
id: umbraco-base-ssrf id: umbraco-base-ssrf
info: info:
name: Umbraco v8.14.1 - 'baseUrl' SSRF name: Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
author: dhiyaneshDk author: dhiyaneshDk
severity: medium severity: medium
description: Umbraco 8.1.4.1 allows attackers to use the baseUrl parameter to several programs to perform a server-side request forgery (SSRF) attack.
reference: reference:
- https://www.exploit-db.com/exploits/50462 - https://www.exploit-db.com/exploits/50462
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 5.3 cvss-score: 6.8
cve-id: CVE-2020-10770 cwe-id: CWE-918
cwe-id: CWE-601
metadata: metadata:
verified: true verified: true
shodan-query: http.html:"Umbraco" shodan-query: http.html:"Umbraco"
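Review bot: the added description says "Umbraco 8.1.4.1" while the name on the line above says "Umbraco 8.14.1"; one of the two version strings is a typo and should be corrected before merge. The phrase "the baseUrl parameter to several programs" is also unclear and should name what receives the parameter. Separately, the hunk drops `cve-id: CVE-2020-10770` and replaces the vector and score without any explanation in the template; state in the commit message why the CVE mapping was removed.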
@ -37,3 +37,5 @@ requests:
- "len(body_1)==0" - "len(body_1)==0"
- "len(body_2)==0" - "len(body_2)==0"
- "len(body_3)==0" - "len(body_3)==0"
# Enhanced by cs 08/03/2022

View File

@ -1,10 +1,10 @@
id: viewlinc-crlf-injection id: viewlinc-crlf-injection
info: info:
name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection. name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
author: geeknik author: geeknik
severity: low severity: low
description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned. description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned.
reference: reference:
- https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system - https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system
tags: crlf,viewlinc tags: crlf,viewlinc
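Review bot: the new name "Carriage Return Line Feed Attack" drops the word "Injection", which is what the id `viewlinc-crlf-injection`, the `crlf` tag and the description all describe. Suggest "viewLinc 5.1.2.367 - CRLF Injection". The description keeps "(and sometimes 5.1.1.50)" without saying under what condition that version is affected, and, unlike most templates in this commit, no `classification:` block is added here (the following hunk header still starts at line 29 on both sides).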
@ -29,3 +29,5 @@ requests:
- "Set-Cookie: crlfinjection=crlfinjection" - "Set-Cookie: crlfinjection=crlfinjection"
part: header part: header
condition: and condition: and
# Enhanced by mp on 2022/08/04

View File

@ -1,15 +1,18 @@
id: xerox-efi-lfi id: xerox-efi-lfi
info: info:
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion
author: gy741 author: gy741
severity: high severity: high
description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
files on the affected system.
reference: reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
- https://packetstormsecurity.com/files/145570 - https://packetstormsecurity.com/files/145570
- https://www.exploit-db.com/exploits/43398/ - https://www.exploit-db.com/exploits/43398/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: iot,xerox,disclosure,lfi tags: iot,xerox,disclosure,lfi
requests: requests:
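Review bot: the name is changed from "Arbitrary File Disclosure" to "Local File Inclusion", but the description in the same hunk still says the `file` parameter is "used to read files", and the added `cwe-id` is CWE-22 (path traversal). Reading a file is not the same as including it for execution, so either keep a name that matches the file-read behaviour or explain in the description why inclusion applies. While the description is being rewritten, "thru" should be "through".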
@ -26,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,13 +1,17 @@
id: yishaadmin-lfi id: yishaadmin-lfi
info: info:
name: yishaadmin path traversal name: yishaadmin - Local File Inclusion
author: Evan Rubinstein author: Evan Rubinstein
severity: high severity: high
description: An endpoint in yshaadmin "/admin/File/DownloadFile" was improperly secured, allowing for files to be downloaded, read or deleted without any authentication. description: yishaadmin is vulnerable to local file inclusion via the "/admin/File/DownloadFile" endpoint and allows files to be downloaded, read or deleted without any authentication.
reference: reference:
- https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/ - https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/
- https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186 - https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,yishaadmin tags: lfi,yishaadmin
requests: requests:
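Review bot: the rewritten description states that files can be "downloaded, read or deleted" without authentication, but the added vector is `C:H/I:N/A:N`, which claims no integrity or availability impact. Unauthenticated deletion contradicts `I:N/A:N`. Either limit the description to the file read that the template checks, or revise the vector and score to account for deletion.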
@ -25,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,16 @@
id: ruijie-networks-lfi id: ruijie-networks-lfi
info: info:
name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI name: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint. description: Ruijie Networks Switch eWeb S29_RGOS 11.4 is vulnerable to local file inclusion and allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
reference: reference:
- https://exploit-db.com/exploits/48755 - https://exploit-db.com/exploits/48755
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ruijie,lfi tags: ruijie,lfi
requests: requests:
@ -30,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/04

View File

@ -1,12 +1,16 @@
id: wooyun-2015-148227 id: wooyun-2015-148227
info: info:
name: Seeyon WooYun LFR name: Seeyon WooYun - Local File Inclusion
author: princechaddha author: princechaddha
severity: high severity: high
description: A vulnerability in Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker. description: Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker via local file inclusion.
reference: reference:
- https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html - https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: seeyon,wooyun,lfi,zhiyuan tags: seeyon,wooyun,lfi,zhiyuan
requests: requests:
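Review bot: the new name "Seeyon WooYun - Local File Inclusion" treats WooYun as part of the product name, while the id `wooyun-2015-148227` and the reference URL in this hunk both use it as the advisory identifier. Name the affected Seeyon product instead and keep WooYun in the id and reference only. The description's "include the content of locally stored content" should read "include the content of locally stored files".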
@ -26,3 +30,5 @@ requests:
part: header part: header
words: words:
- "application/xml" - "application/xml"
# Enhanced by mp on 2022/08/04

View File

@ -1,11 +1,16 @@
id: squirrelmail-lfi id: squirrelmail-lfi
info: info:
name: SquirrelMail 1.2.11 Local File Inclusion name: SquirrelMail 1.2.11 - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: SquirrelMail 1.2.11 is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/22793 - https://www.exploit-db.com/exploits/22793
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,squirrelmail tags: lfi,squirrelmail
requests: requests:
@ -25,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05

View File

@ -1,14 +1,19 @@
id: thinkcmf-lfi id: thinkcmf-lfi
info: info:
name: ThinkCMF LFI name: ThinkCMF - Local File Inclusion
author: pikpikcu author: pikpikcu
severity: high severity: high
description: ThinkCMF is vulnerable to local file inclusion.
reference: reference:
- https://www.freebuf.com/vuls/217586.html - https://www.freebuf.com/vuls/217586.html
metadata: metadata:
win-payload: ../../../../../../../../../../../../../../../../windows/win.ini win-payload: ../../../../../../../../../../../../../../../../windows/win.ini
unix-payload: ../../../../../../../../../../../../../../../../etc/passwd unix-payload: ../../../../../../../../../../../../../../../../etc/passwd
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: thinkcmf,lfi tags: thinkcmf,lfi
requests: requests:
@ -29,3 +34,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05

View File

@ -1,9 +1,14 @@
id: vmware-vcenter-lfi-linux id: vmware-vcenter-lfi-linux
info: info:
name: Vmware Vcenter LFI for Linux appliances name: Linux Vmware Vcenter - Local File Inclusion
author: PR3R00T author: PR3R00T
severity: high severity: high
description: Linux appliance based Vmware Vcenter is vulnerable to local file inclusion.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: vmware,lfi,vcenter tags: vmware,lfi,vcenter
requests: requests:
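Review bot: the new name and description write "Vmware Vcenter", while the matcher string two hunk lines later and the sibling template use "vCenter" and "VMware vCenter". Use the vendor's casing, for example "VMware vCenter (Linux appliance) - Local File Inclusion". The hunk also adds a 7.5 score with no `reference:` entry to support it.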
@ -14,3 +19,5 @@ requests:
- type: word - type: word
words: words:
- "vCenter Server" - "vCenter Server"
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,17 @@
id: vmware-vcenter-lfi id: vmware-vcenter-lfi
info: info:
name: VMware vCenter Unauthenticated Arbitrary File Read name: VMware vCenter - Local File Inclusion
author: dwisiswant0 author: dwisiswant0
severity: high severity: high
description: VMware vCenter is vulnerable to local file inclusion.
reference: reference:
- https://kb.vmware.com/s/article/7960893 - https://kb.vmware.com/s/article/7960893
- https://twitter.com/ptswarm/status/1316016337550938122 - https://twitter.com/ptswarm/status/1316016337550938122
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: vmware,lfi,vcenter tags: vmware,lfi,vcenter
requests: requests:
@ -30,3 +35,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,11 +1,16 @@
id: ecology-filedownload-directory-traversal id: ecology-filedownload-directory-traversal
info: info:
name: Ecology Directory Traversal name: Ecology - Local File Inclusion
author: princechaddha author: princechaddha
severity: medium severity: medium
description: Ecology is vulnerable to local file inclusion.
metadata: metadata:
fofa-query: app="泛微-协同办公OA" fofa-query: app="泛微-协同办公OA"
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ecology,lfi tags: ecology,lfi
requests: requests:
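Review bot: this hunk adds `cvss-score: 7.5` under `classification` but keeps `severity: medium`, so the two fields put the finding in different bands. Align them one way or the other. The new description, "Ecology is vulnerable to local file inclusion", also says nothing about which endpoint or parameter is affected even though the id names the file download function; a one-clause pointer would make the finding actionable.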
@ -21,3 +26,5 @@ requests:
words: words:
- "<url-pattern>/weaver/" - "<url-pattern>/weaver/"
part: body part: body
# Enhanced by mp on 2022/08/01

View File

@ -1,9 +1,14 @@
id: ecology-springframework-directory-traversal id: ecology-springframework-directory-traversal
info: info:
name: Ecology Springframework Directory Traversal name: Ecology Springframework - Local File Inclusion
author: princechaddha author: princechaddha
severity: medium severity: medium
description: Ecology Springframework is vulnerable to local file inclusion.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: ecology,springframework,lfi tags: ecology,springframework,lfi
requests: requests:
@ -19,3 +24,5 @@ requests:
words: words:
- "<url-pattern>/weaver/" - "<url-pattern>/weaver/"
part: body part: body
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: ad-widget-lfi id: ad-widget-lfi
info: info:
name: WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0) name: WordPress Ad Widget 2.11.0 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. description: WordPress Ad Widget 2.11.0 is vulnerable to local file inclusion. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
reference: reference:
- https://cxsecurity.com/issue/WLB-2017100084 - https://cxsecurity.com/issue/WLB-2017100084
- https://plugins.trac.wordpress.org/changeset/1628751/ad-widget - https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi tags: wordpress,wp-plugin,lfi
requests: requests:
@ -25,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,18 @@
id: admin-word-count-column-lfi id: admin-word-count-column-lfi
info: info:
name: Admin word count column 2.2 - Arbitrary File Retrieval name: WordPress Admin Word Count Column 2.2 - Local File Inclusion
author: daffainfo,Splint3r7 author: daffainfo,Splint3r7
severity: high severity: high
description: WordPress Admin Word Count Column 2.2 is vulnerable to local file inclusion.
reference: reference:
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html - https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
- https://wordpress.org/plugins/admin-word-count-column/ - https://wordpress.org/plugins/admin-word-count-column/
remediation: This plugin has been closed as of March 29, 2022 and is not available for download.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp tags: wordpress,wp-plugin,lfi,wp
requests: requests:
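Review bot: the added `remediation:` line only reports that the plugin was closed on March 29, 2022 and cannot be downloaded, which tells an operator with the plugin already installed nothing about what to do. Reword it as an action, for example "Remove the plugin; it was closed on March 29, 2022 and no fixed version is available", if that matches the plugin page in the reference.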
@ -23,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: advanced-access-manager-lfi id: advanced-access-manager-lfi
info: info:
name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion name: WordPress Advanced Access Manager <5.9.9 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers. description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
reference: reference:
- https://wpscan.com/vulnerability/9873 - https://wpscan.com/vulnerability/9873
- https://id.wordpress.org/plugins/advanced-access-manager/ - https://id.wordpress.org/plugins/advanced-access-manager/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi tags: wordpress,wp-plugin,lfi
requests: requests:
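Review bot: the rewritten description has a subject and verb mismatch ("versions before 5.9.9 are vulnerable ... and allows attackers"); it should read "and allow attackers". The trailing clause "which is publicly reachable on many servers" is carried over as a general claim with no source in the references; consider dropping it or rephrasing it as a condition ("if the database is reachable from the network").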
@ -27,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,17 @@
id: amministrazione-aperta-lfi id: amministrazione-aperta-lfi
info: info:
name: Amministrazione Aperta 3.7.3 - Unauthenticated Local File Read name: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
author: daffainfo,Splint3r7 author: daffainfo,Splint3r7
severity: high severity: high
description: WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/50838 - https://www.exploit-db.com/exploits/50838
- https://wordpress.org/plugins/amministrazione-aperta - https://wordpress.org/plugins/amministrazione-aperta
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp tags: wordpress,wp-plugin,lfi,wp
requests: requests:
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,16 @@
id: aspose-file-download id: aspose-file-download
info: info:
name: Wordpress Aspose Cloud eBook Generator - Arbitrary File Retrieval name: Wordpress Aspose Cloud eBook Generator - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The Aspose Cloud eBook Generator WordPress plugin is affected by an arbitrary file retrieval vulnerability. description: Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion.
reference: reference:
- https://wpscan.com/vulnerability/7866 - https://wpscan.com/vulnerability/7866
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,aspose,ebook tags: wordpress,wp-plugin,lfi,aspose,ebook
requests: requests:
@ -26,3 +30,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,10 +1,10 @@
id: aspose-ie-file-download id: aspose-ie-file-download
info: info:
name: Wordpress Aspose Importer & Exporter v1.0 - Arbitrary File Retrieval name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The Aspose importer and Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability. description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion.
reference: reference:
- https://packetstormsecurity.com/files/131162/ - https://packetstormsecurity.com/files/131162/
- https://wordpress.org/plugins/aspose-importer-exporter - https://wordpress.org/plugins/aspose-importer-exporter
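Review bot: this template gets a new name and description but no `classification:` block, unlike the other Aspose templates in this commit; the hunk is 10 lines on both sides and the next hunk still starts at line 27 on both sides. Add the same `cvss-metrics`, `cvss-score` and `cwe-id` fields here, or note why this one is left out.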
@ -27,3 +27,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: aspose-pdf-file-download id: aspose-pdf-file-download
info: info:
name: WordPress Aspose PDF Exporter - Arbitrary File Retrieval name: WordPress Aspose PDF Exporter - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The Aspose.psf Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability. description: WordPress Aspose PDF Exporter is vulnerable to local file inclusion.
reference: reference:
- https://packetstormsecurity.com/files/131161 - https://packetstormsecurity.com/files/131161
- https://wordpress.org/plugins/aspose-pdf-exporter - https://wordpress.org/plugins/aspose-pdf-exporter
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,aspose tags: wordpress,wp-plugin,lfi,aspose
requests: requests:
@ -27,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: aspose-words-file-download id: aspose-words-file-download
info: info:
name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval name: WordPress Aspose Words Exporter <2.0 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability. description: WordPress Aspose Words Exporter prior to version 2.0 is vulnerable to local file inclusion.
reference: reference:
- https://wpscan.com/vulnerability/7869 - https://wpscan.com/vulnerability/7869
- https://wordpress.org/plugins/aspose-doc-exporter - https://wordpress.org/plugins/aspose-doc-exporter
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,aspose tags: wordpress,wp-plugin,lfi,aspose
requests: requests:
@ -27,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: brandfolder-lfi id: brandfolder-lfi
info: info:
name: Wordpress brandfolder plugin - RFI & LFI name: Wordpress Brandfolder - Remote/Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content. description: WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
reference: reference:
- https://www.exploit-db.com/exploits/39591 - https://www.exploit-db.com/exploits/39591
- https://cxsecurity.com/issue/WLB-2016030120 - https://cxsecurity.com/issue/WLB-2016030120
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,rfi tags: wordpress,wp-plugin,lfi,rfi
requests: requests:
@ -27,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,10 +1,10 @@
id: brandfolder-open-redirect id: brandfolder-open-redirect
info: info:
name: WordPress Brandfolder Plugin Open Redirect name: WordPress Brandfolder - Remote/Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: low severity: low
description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it. description: WordPress Brandfolder is vulnerable to remote/local file inclusion and allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
reference: reference:
- https://www.exploit-db.com/exploits/39591 - https://www.exploit-db.com/exploits/39591
tags: wordpress,wp-plugin,lfi,rfi tags: wordpress,wp-plugin,lfi,rfi
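Review bot: the name is changed from "Open Redirect" to "Remote/Local File Inclusion", but the id is still `brandfolder-open-redirect` and the description in the same hunk still ends with "which will redirect the victim to it". The new name mislabels the finding this template reports and makes it indistinguishable by name from a file inclusion template. Keep "WordPress Brandfolder - Open Redirect" as the name, and drop "is vulnerable to remote/local file inclusion" from the description unless the template actually verifies inclusion.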
@ -19,3 +19,5 @@ requests:
regex: regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
part: header part: header
# Enhanced by mp on 2022/08/01

View File

@ -1,12 +1,17 @@
id: cab-fare-calculator-lfi id: cab-fare-calculator-lfi
info: info:
name: Cab fare calculator 1.0.3 - Unauthenticated Local File Inclusion name: WordPress Cab fare calculator 1.0.3 - Local File Inclusion
author: Hassan Khan Yusufzai - Splint3r7 author: Hassan Khan Yusufzai - Splint3r7
severity: high severity: high
description: WordPress Cab fare calculator 1.0.3 is vulnerable to local file inclusion.
reference: reference:
- https://www.exploit-db.com/exploits/50843 - https://www.exploit-db.com/exploits/50843
- https://wordpress.org/plugins/cab-fare-calculator - https://wordpress.org/plugins/cab-fare-calculator
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp tags: wordpress,wp-plugin,lfi,wp
requests: requests:
@ -23,3 +28,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/01

View File

@ -1,13 +1,17 @@
id: church-admin-lfi id: church-admin-lfi
info: info:
name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal name: WordPress Church Admin 0.33.2.1 - Local File Inclusion
author: 0x_Akoko author: 0x_Akoko
severity: high severity: high
description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack. description: WordPress Church Admin 0.33.2.1 is vulnerable to local file inclusion via the "key" parameter of plugins/church-admin/display/download.php.
reference: reference:
- https://wpscan.com/vulnerability/8997 - https://wpscan.com/vulnerability/8997
- https://id.wordpress.org/plugins/church-admin/ - https://id.wordpress.org/plugins/church-admin/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi tags: wordpress,wp-plugin,lfi
requests: requests:
@ -25,3 +29,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05

View File

@ -1,14 +1,17 @@
id: db-backup-lfi id: db-backup-lfi
info: info:
name: DB Backup <= 4.5 - Path Traversal File Access name: WordPress DB Backup <=4.5 - Local File Inclusion
author: dhiyaneshDK author: dhiyaneshDK
severity: high severity: high
description: WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive description: WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected.
reference: reference:
- https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536 - https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536
- https://www.exploit-db.com/exploits/35378 - https://www.exploit-db.com/exploits/35378
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp tags: wordpress,wp-plugin,lfi,wp
requests: requests:
@ -28,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05

View File

@ -1,13 +1,18 @@
id: hb-audio-lfi id: hb-audio-lfi
info: info:
name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Retrieval name: Wordpress HB Audio Gallery Lite - Local File Inclusion
author: dhiyaneshDK author: dhiyaneshDK
severity: high severity: high
description: Wordpress HB Audio Gallery Lite is vulnerable to local file inclusion.
reference: reference:
- https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html - https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html
metadata: metadata:
google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-plugin,lfi,wp tags: wordpress,wp-plugin,lfi,wp
requests: requests:
@ -27,3 +32,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05

View File

@ -1,14 +1,18 @@
id: health-check-lfi id: health-check-lfi
info: info:
name: Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal name: WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion
author: DhiyaneshDK author: DhiyaneshDK
severity: high severity: high
description: The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability. description: WordPress Health Check & Troubleshooting prior to 1.2.4 is vulnerable to local file inclusion. Exploitation does require authentication.
remediation: Fixed in version 1.2.4 remediation: Upgrade to version 1.2.4 or later.
reference: reference:
- https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a - https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a
- https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf - https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr
requests: requests:
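Review bot: the added vector uses `PR:N`, yet the new description says "Exploitation does require authentication" and the tags include `authenticated`. With `PR:L` the same vector scores 6.5, not 7.5, which would also affect `severity: high`. Correct the vector and score to reflect the authentication requirement. The name also has a version typo: "<1.24" should be "<1.2.4" to match the description and the remediation line.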
@ -43,3 +47,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05

View File

@ -1,13 +1,17 @@
id: mthemeunus-lfi id: mthemeunus-lfi
info: info:
name: mTheme-Unus Theme - Local File Inclusion (LFI) name: WordPress mTheme-Unus Theme - Local File Inclusion
author: dhiyaneshDk author: dhiyaneshDk
severity: high severity: high
description: The mTheme-Unus WordPress Theme was affected by a css.php Local File Inclusion security vulnerability. description: WordPress mTheme-Unus Theme is vulnerable to local file inclusion via css.php.
reference: reference:
- https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb - https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb
- https://packetstormsecurity.com/files/133778/ - https://packetstormsecurity.com/files/133778/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cwe-id: CWE-22
tags: wordpress,wp-theme,lfi,wordpress,mtheme tags: wordpress,wp-theme,lfi,wordpress,mtheme
requests: requests:
@ -27,3 +31,5 @@ requests:
- type: status - type: status
status: status:
- 200 - 200
# Enhanced by mp on 2022/08/05