parent
64cd216ab5
commit
b2e886f09b
|
@ -1,4 +1,4 @@
|
||||||
id: eyou-email-rce
|
id: CVE-2014-1203
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Eyou E-Mail <3.6 - Remote Code Execution
|
name: Eyou E-Mail <3.6 - Remote Code Execution
|
|
@ -1,15 +1,14 @@
|
||||||
id: CVE-2016-10367
|
id: CVE-2016-10367
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Opsview Monitor Pro - Unauthenticated Directory Traversal
|
name: Opsview Monitor Pro - Local File Inclusion
|
||||||
author: 0x_akoko
|
author: 0x_akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass
|
description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.
|
||||||
reference:
|
reference:
|
||||||
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774
|
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774
|
||||||
- https://www.cvedetails.com/cve/CVE-2016-10367
|
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-10367
|
|
||||||
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
|
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-10367
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
@ -35,3 +34,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 404
|
- 404
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,15 +1,15 @@
|
||||||
id: CVE-2019-10717
|
id: CVE-2019-10717
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: BlogEngine.NET 3.3.7.0 - Directory Traversal
|
name: BlogEngine.NET 3.3.7.0 - Local File Inclusion
|
||||||
author: arafatansari
|
author: arafatansari
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter
|
BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
|
||||||
reference:
|
reference:
|
||||||
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
|
- https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2019-10717
|
|
||||||
- https://github.com/rxtur/BlogEngine.NET/commits/master
|
- https://github.com/rxtur/BlogEngine.NET/commits/master
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2019-10717
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
|
||||||
cvss-score: 7.1
|
cvss-score: 7.1
|
||||||
|
@ -39,3 +39,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
id: CVE-2020-10770
|
id: CVE-2020-10770
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
|
name: Keycloak 12.0.1 - request_uri Blind Server-Side Request Forgery (SSRF)
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: medium
|
severity: medium
|
||||||
description: A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
|
description: Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
|
- https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
|
||||||
- https://www.exploit-db.com/exploits/50405
|
- https://www.exploit-db.com/exploits/50405
|
||||||
|
@ -27,3 +27,5 @@ requests:
|
||||||
part: interactsh_protocol # Confirms the HTTP Interaction
|
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||||
words:
|
words:
|
||||||
- "http"
|
- "http"
|
||||||
|
|
||||||
|
# Enhanced by cs 08/03/2022
|
||||||
|
|
|
@ -4,14 +4,14 @@ info:
|
||||||
name: Reprise License Manager 14.2 - Authentication Bypass
|
name: Reprise License Manager 14.2 - Authentication Bypass
|
||||||
author: Akincibor
|
author: Akincibor
|
||||||
severity: critical
|
severity: critical
|
||||||
description: Reprise License Manager (RLM( 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
|
description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-44152
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 10.0
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2021-44152
|
cve-id: CVE-2021-44152
|
||||||
cwe-id: CWE-288
|
cwe-id: CWE-287
|
||||||
tags: unauth,rlm
|
tags: unauth,rlm
|
||||||
|
|
||||||
requests:
|
requests:
|
|
@ -1,11 +1,16 @@
|
||||||
id: dlink-file-read
|
id: dlink-file-read
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: D-Link - Arbitrary File Retrieval
|
name: D-Link - Local File Inclusion
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: high
|
severity: high
|
||||||
|
description: D-Link is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html
|
- https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||||
|
cvss-score: 8.3
|
||||||
|
cwe-id: CWE-522
|
||||||
tags: dlink,lfi
|
tags: dlink,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -25,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: jolokia-unauthenticated-lfi
|
id: jolokia-unauthenticated-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Jolokia - Unauthenticated Local File Read
|
name: Jolokia - Local File Inclusion
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: high
|
severity: high
|
||||||
description: This exploit allow you to File read with compilerDirectivesAdd
|
description: Jolokia is vulnerable to local file inclusion via compilerDirectivesAdd.
|
||||||
reference:
|
reference:
|
||||||
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
|
- https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
|
||||||
- https://github.com/laluka/jolokia-exploitation-toolkit
|
- https://github.com/laluka/jolokia-exploitation-toolkit
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||||
|
cvss-score: 8.3
|
||||||
|
cwe-id: CWE-522
|
||||||
tags: jolokia,springboot,tomcat,lfi
|
tags: jolokia,springboot,tomcat,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,9 +1,14 @@
|
||||||
id: elfinder-detect
|
id: elfinder-detect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: elFinder Detect
|
name: elFinder - Install Detection
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
|
description: An elFinder implementation was discovered.
|
||||||
severity: info
|
severity: info
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||||
|
cvss-score: 0.0
|
||||||
|
cwe-id: CWE-200
|
||||||
tags: tech,elfinder
|
tags: tech,elfinder
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -10,7 +10,6 @@ info:
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||||
cvss-score: 9.8
|
cvss-score: 9.8
|
||||||
cve-id: CVE-2020-22210
|
|
||||||
cwe-id: CWE-89
|
cwe-id: CWE-89
|
||||||
tags: 74cms,sqli
|
tags: 74cms,sqli
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: hjtcloud-rest-arbitrary-file-read
|
id: hjtcloud-rest-arbitrary-file-read
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: HJTcloud Arbitrary file read
|
name: HJTcloud - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: low
|
severity: low
|
||||||
|
description: HJTcloud is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
|
- https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: hjtcloud,lfi
|
tags: hjtcloud,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -33,3 +38,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
id: hrsale-unauthenticated-lfi
|
id: hrsale-unauthenticated-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Hrsale 2.0.0 - Hrsale Unauthenticated Lfi
|
name: Hrsale 2.0.0 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: This exploit allow you to download any readable file from server without permission and login session
|
description: Hrsale 2.0.0 is vulnerable to local file inclusion. This exploit allow you to download any readable file from server without permission and login session
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/48920
|
- https://www.exploit-db.com/exploits/48920
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: hrsale,lfi
|
tags: hrsale,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,3 +28,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: huawei-hg659-lfi
|
id: huawei-hg659-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: HUAWEI HG659 LFI
|
name: HUAWEI HG659 - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
|
description: HUAWEI HG659 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://twitter.com/sec715/status/1406782172443287559
|
- https://twitter.com/sec715/status/1406782172443287559
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi,huawei
|
tags: lfi,huawei
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
id: huijietong-cloud-fileread
|
id: huijietong-cloud-fileread
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Huijietong Cloud File Read
|
name: Huijietong - Local File Inclusion
|
||||||
author: princechaddha,ritikchaddha
|
author: princechaddha,ritikchaddha
|
||||||
|
description: Huijietong is vulnerable to local file inclusion.
|
||||||
severity: high
|
severity: high
|
||||||
metadata:
|
metadata:
|
||||||
fofa-query: body="/him/api/rest/v1.0/node/role"
|
fofa-query: body="/him/api/rest/v1.0/node/role"
|
||||||
|
@ -31,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: interlib-fileread
|
id: interlib-fileread
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Interlib Fileread
|
name: Interlib - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
|
description: Interlib is vulnerable to local file inclusion.
|
||||||
severity: high
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: interlib,lfi
|
tags: interlib,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: jeewms-lfi
|
id: jeewms-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: JEEWMS LFI
|
name: JEEWMS - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
|
description: JEEWMS is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g
|
- https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: jeewms,lfi
|
tags: jeewms,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -33,3 +38,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,14 +1,17 @@
|
||||||
id: jinfornet-jreport-lfi
|
id: jinfornet-jreport-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
|
name: Jinfornet Jreport 15.6 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission.
|
description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.
|
||||||
This vulnerability affects Windows and Unix operating systems.
|
|
||||||
reference:
|
reference:
|
||||||
- https://cxsecurity.com/issue/WLB-2020030151
|
- https://cxsecurity.com/issue/WLB-2020030151
|
||||||
- https://www.jinfonet.com/product/download-jreport/
|
- https://www.jinfonet.com/product/download-jreport/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: jreport,jinfornet,lfi
|
tags: jreport,jinfornet,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: joomla-com-fabrik-lfi
|
id: joomla-com-fabrik-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Joomla! com_fabrik 3.9.11 - Directory Traversal
|
name: Joomla! com_fabrik 3.9.11 - Local File Inclusion
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Joomla! com_fabrik 3.9.11 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/48263
|
- https://www.exploit-db.com/exploits/48263
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: joomla,lfi
|
tags: joomla,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: karel-ip-phone-lfi
|
id: karel-ip-phone-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal
|
name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
|
description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://cxsecurity.com/issue/WLB-2020100038
|
- https://cxsecurity.com/issue/WLB-2020100038
|
||||||
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
|
- https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: karel,lfi
|
tags: karel,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
id: kingdee-eas-directory-traversal
|
id: kingdee-eas-directory-traversal
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Kingdee EAS - Directory Traversal
|
name: Kingdee EAS - Local File Inclusion
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Kingdee OA server_file has a directory traversal vulnerability, attackers can obtain sensitive server information through directory traversal.
|
description: Kingdee EAS OA server_file is vulnerable to local file inclusion and can allow attackers to obtain sensitive server information.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
|
- https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: kingdee,lfi,traversal
|
tags: kingdee,lfi,traversal
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -33,3 +37,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: kingsoft-v8-file-read
|
id: kingsoft-v8-file-read
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Kingsoft V8 File Read
|
name: Kingsoft 8 - Local File Inclusion
|
||||||
author: ritikchaddha
|
author: ritikchaddha
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Kingsoft 8 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
- https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: kingsoft,lfi
|
tags: kingsoft,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -30,3 +35,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: kyocera-m2035dn-lfi
|
id: kyocera-m2035dn-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval
|
name: Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval.
|
description: Kyocera Command Center RX ECOSYS M2035dn is vulnerable to unauthenticated local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50738
|
- https://www.exploit-db.com/exploits/50738
|
||||||
- https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html
|
- https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: printer,iot,kyocera,lfi
|
tags: printer,iot,kyocera,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,3 +28,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,15 +1,20 @@
|
||||||
id: nsasg-arbitrary-file-read
|
id: nsasg-arbitrary-file-read
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: NS ASG Arbitrary File Read
|
name: NS ASG - Local File Inclusion
|
||||||
author: pikpikcu,ritikchaddha
|
author: pikpikcu,ritikchaddha
|
||||||
severity: high
|
severity: high
|
||||||
|
description: NS ASG is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://zhuanlan.zhihu.com/p/368054963
|
- https://zhuanlan.zhihu.com/p/368054963
|
||||||
- http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md
|
- http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md
|
||||||
metadata:
|
metadata:
|
||||||
fofa-query: app="网康科技-NS-ASG安全网关"
|
fofa-query: app="网康科技-NS-ASG安全网关"
|
||||||
shodan-query: http.title:“NS-ASG”
|
shodan-query: http.title:“NS-ASG”
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: nsasg,lfi
|
tags: nsasg,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -31,3 +36,5 @@ requests:
|
||||||
- "$certfile"
|
- "$certfile"
|
||||||
- "application/pdf"
|
- "application/pdf"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/03
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: nuuo-file-inclusion
|
id: nuuo-file-inclusion
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: NUUO NVRmini 2 v3.0.8 - Atrbitary File Retrieval
|
name: NUUO NVRmini 2 3.0.8 - Local File Inclusion
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: high
|
||||||
|
description: NUUO NVRmini 2 3.0.8 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/40211
|
- https://www.exploit-db.com/exploits/40211
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: nuuo,lfi
|
tags: nuuo,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -28,3 +33,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: oliver-library-lfi
|
id: oliver-library-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval
|
name: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
|
||||||
author: gy741
|
author: gy741
|
||||||
severity: high
|
severity: high
|
||||||
description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input.
|
description: Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50599
|
- https://www.exploit-db.com/exploits/50599
|
||||||
- https://www.softlinkint.com/product/oliver/
|
- https://www.softlinkint.com/product/oliver/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: windows,lfi,oliver
|
tags: windows,lfi,oliver
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,3 +27,5 @@ requests:
|
||||||
- "fonts"
|
- "fonts"
|
||||||
- "extensions"
|
- "extensions"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,15 +1,20 @@
|
||||||
id: opencti-lfi
|
id: opencti-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: OpenCTI 3.3.1 - Directory Traversal
|
name: OpenCTI 3.3.1 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
|
description: OpenCTI 3.3.1 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://cxsecurity.com/issue/WLB-2020060078
|
- https://cxsecurity.com/issue/WLB-2020060078
|
||||||
- https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1
|
- https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.html:"OpenCTI"
|
shodan-query: http.html:"OpenCTI"
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: opencti,lfi,oss
|
tags: opencti,lfi,oss
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,13 +1,16 @@
|
||||||
id: opensis-lfi
|
id: opensis-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: openSIS 5.1 - 'ajax.php' Local File Inclusion
|
name: openSIS 5.1 - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
description: An attacker can exploit a vulnerability in openSIS to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker
|
description: openSIS 5.1 is vulnerable to local file inclusion and allows attackers to obtain potentially sensitive information by executing arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible.
|
||||||
to compromise the application and computer; other attacks are also possible.
|
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/38039
|
- https://www.exploit-db.com/exploits/38039
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: opensis,lfi
|
tags: opensis,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,12 +1,17 @@
|
||||||
id: orbiteam-bscw-server-lfi
|
id: orbiteam-bscw-server-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: OrbiTeam BSCW Server - Unauthenticated LFI
|
name: OrbiTeam BSCW Server - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal
|
OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below are vulnerable to unauthenticated local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html
|
- https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: bscw,orbiteam,lfi,unauth
|
tags: bscw,orbiteam,lfi,unauth
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: pacsone-server-lfi
|
id: pacsone-server-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal
|
name: PACSOne Server 6.6.2 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
|
description: PACSOne Server 6.6.2 is vulnerable to local file inclusion via its integrated DICOM Web Viewer.
|
||||||
reference:
|
reference:
|
||||||
- https://cxsecurity.com/issue/WLB-2018010303
|
- https://cxsecurity.com/issue/WLB-2018010303
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: pacsone,lfi
|
tags: pacsone,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -22,3 +27,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
id: phpwiki-lfi
|
id: phpwiki-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: phpwiki 1.5.4 - XSS / Local File Inclusion
|
name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
|
description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/38027
|
- https://www.exploit-db.com/exploits/38027
|
||||||
tags: phpwiki,lfi,xss
|
tags: phpwiki,lfi,xss
|
||||||
|
@ -24,3 +24,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
id: pmb-directory-traversal
|
id: pmb-directory-traversal
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: PMB 5.6 - Arbitrary File Retrieval
|
name: PMB 5.6 - Local File Inclusion
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: medium
|
severity: medium
|
||||||
description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval.
|
description: PMB 5.6 is vulnerable to local file inclusion because the PMB Gif Image is not sanitizing the content of the 'chemin' parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html
|
- https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi
|
tags: lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -25,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: pmb-local-file-disclosure
|
id: pmb-local-file-disclosure
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: PMB 5.6 - getgif.php Arbitrary File Retrieval
|
name: PMB 5.6 - Local File Inclusion
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
|
description: PMB 5.6 is vulnerable to local file inclusion.
|
||||||
severity: high
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/49054
|
- https://www.exploit-db.com/exploits/49054
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi,pmb
|
tags: lfi,pmb
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -21,3 +26,5 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "root:x:0"
|
- "root:x:0"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: processmaker-lfi
|
id: processmaker-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: ProcessMaker <= 3.5.4 Directory Traversal
|
name: ProcessMaker <=3.5.4 - Local File Inclusion
|
||||||
author: KrE80r
|
author: KrE80r
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content.
|
description: ProcessMaker 3.5.4 and prior is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50229
|
- https://www.exploit-db.com/exploits/50229
|
||||||
- https://www.processmaker.com
|
- https://www.processmaker.com
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: processmaker,lfi
|
tags: processmaker,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: sl-studio-lfi
|
id: sl-studio-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Webbdesign SL-Studio Directory Traversal
|
name: Webbdesign SL-Studio - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Webbdesign SL-Studio is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://cxsecurity.com/issue/WLB-2018110187
|
- https://cxsecurity.com/issue/WLB-2018110187
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
metadata:
|
metadata:
|
||||||
google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.'
|
google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.'
|
||||||
tags: slstudio,lfi
|
tags: slstudio,lfi
|
||||||
|
@ -24,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: sofneta-mecdream-pacs-lfi
|
id: sofneta-mecdream-pacs-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
|
name: Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion
|
||||||
author: 0x_akoko
|
author: 0x_akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
|
description: Softneta MedDream PACS Server Premium 6.7.1.1 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/45347
|
- https://www.exploit-db.com/exploits/45347
|
||||||
- https://www.softneta.com/products/meddream-pacs-server/downloads.html
|
- https://www.softneta.com/products/meddream-pacs-server/downloads.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
metadata:
|
metadata:
|
||||||
google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
|
google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
|
||||||
tags: sofneta,lfi
|
tags: sofneta,lfi
|
||||||
|
@ -25,3 +29,5 @@ requests:
|
||||||
- "fonts"
|
- "fonts"
|
||||||
- "extensions"
|
- "extensions"
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -5,9 +5,13 @@ info:
|
||||||
author: arafatansari
|
author: arafatansari
|
||||||
severity: high
|
severity: high
|
||||||
description: |
|
description: |
|
||||||
Surreal ToDo is affected by Local File Inclusion on index.php via content parameter.
|
Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/45826
|
- https://www.exploit-db.com/exploits/45826
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
tags: surreal,lfi
|
tags: surreal,lfi
|
||||||
|
@ -26,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
id: symantec-messaging-gateway
|
id: symantec-messaging-gateway
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Symantec Messaging Gateway LFI
|
name: Symantec Messaging Gateway <=10.6.1 - Local File Inclusion
|
||||||
author: Random_Robbie
|
author: Random_Robbie
|
||||||
severity: medium
|
severity: medium
|
||||||
description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal
|
description: Symantec Messaging Gateway 10.6.1 and prior are vulnerable to local file inclusion.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi,messaging,symantec
|
tags: lfi,messaging,symantec
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -21,3 +25,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: tpshop-directory-traversal
|
id: tpshop-directory-traversal
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: TPshop Directory Traversal
|
name: TPshop - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
|
description: TPshop is vulnerable to local file inclusion.
|
||||||
severity: high
|
severity: high
|
||||||
reference:
|
reference:
|
||||||
- https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
|
- https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: tpshop,lfi
|
tags: tpshop,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,3 +28,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,16 +1,16 @@
|
||||||
id: umbraco-base-ssrf
|
id: umbraco-base-ssrf
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Umbraco v8.14.1 - 'baseUrl' SSRF
|
name: Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: medium
|
severity: medium
|
||||||
|
description: Umbraco 8.1.4.1 allows attackers to use the baseUrl parameter to several programs to perform a server-side request forgery (SSRF) attack.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50462
|
- https://www.exploit-db.com/exploits/50462
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||||
cvss-score: 5.3
|
cvss-score: 6.8
|
||||||
cve-id: CVE-2020-10770
|
cwe-id: CWE-918
|
||||||
cwe-id: CWE-601
|
|
||||||
metadata:
|
metadata:
|
||||||
verified: true
|
verified: true
|
||||||
shodan-query: http.html:"Umbraco"
|
shodan-query: http.html:"Umbraco"
|
||||||
|
@ -37,3 +37,5 @@ requests:
|
||||||
- "len(body_1)==0"
|
- "len(body_1)==0"
|
||||||
- "len(body_2)==0"
|
- "len(body_2)==0"
|
||||||
- "len(body_3)==0"
|
- "len(body_3)==0"
|
||||||
|
|
||||||
|
# Enhanced by cs 08/03/2022
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
id: viewlinc-crlf-injection
|
id: viewlinc-crlf-injection
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection.
|
name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
|
||||||
author: geeknik
|
author: geeknik
|
||||||
severity: low
|
severity: low
|
||||||
description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned.
|
description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned.
|
||||||
reference:
|
reference:
|
||||||
- https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system
|
- https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system
|
||||||
tags: crlf,viewlinc
|
tags: crlf,viewlinc
|
||||||
|
@ -29,3 +29,5 @@ requests:
|
||||||
- "Set-Cookie: crlfinjection=crlfinjection"
|
- "Set-Cookie: crlfinjection=crlfinjection"
|
||||||
part: header
|
part: header
|
||||||
condition: and
|
condition: and
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,15 +1,18 @@
|
||||||
id: xerox-efi-lfi
|
id: xerox-efi-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
|
name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion
|
||||||
author: gy741
|
author: gy741
|
||||||
severity: high
|
severity: high
|
||||||
description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary
|
description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
|
||||||
files on the affected system.
|
|
||||||
reference:
|
reference:
|
||||||
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
|
||||||
- https://packetstormsecurity.com/files/145570
|
- https://packetstormsecurity.com/files/145570
|
||||||
- https://www.exploit-db.com/exploits/43398/
|
- https://www.exploit-db.com/exploits/43398/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: iot,xerox,disclosure,lfi
|
tags: iot,xerox,disclosure,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: yishaadmin-lfi
|
id: yishaadmin-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: yishaadmin path traversal
|
name: yishaadmin - Local File Inclusion
|
||||||
author: Evan Rubinstein
|
author: Evan Rubinstein
|
||||||
severity: high
|
severity: high
|
||||||
description: An endpoint in yshaadmin "/admin/File/DownloadFile" was improperly secured, allowing for files to be downloaded, read or deleted without any authentication.
|
description: yishaadmin is vulnerable to local file inclusion via the "/admin/File/DownloadFile" endpoint and allows files to be downloaded, read or deleted without any authentication.
|
||||||
reference:
|
reference:
|
||||||
- https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/
|
- https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/
|
||||||
- https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186
|
- https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi,yishaadmin
|
tags: lfi,yishaadmin
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -25,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
id: ruijie-networks-lfi
|
id: ruijie-networks-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI
|
name: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
|
description: Ruijie Networks Switch eWeb S29_RGOS 11.4 is vulnerable to local file inclusion and allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
|
||||||
reference:
|
reference:
|
||||||
- https://exploit-db.com/exploits/48755
|
- https://exploit-db.com/exploits/48755
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: ruijie,lfi
|
tags: ruijie,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -30,3 +34,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
id: wooyun-2015-148227
|
id: wooyun-2015-148227
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Seeyon WooYun LFR
|
name: Seeyon WooYun - Local File Inclusion
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker.
|
description: Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker via local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
|
- https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: seeyon,wooyun,lfi,zhiyuan
|
tags: seeyon,wooyun,lfi,zhiyuan
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +30,5 @@ requests:
|
||||||
part: header
|
part: header
|
||||||
words:
|
words:
|
||||||
- "application/xml"
|
- "application/xml"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/04
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: squirrelmail-lfi
|
id: squirrelmail-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: SquirrelMail 1.2.11 Local File Inclusion
|
name: SquirrelMail 1.2.11 - Local File Inclusion
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: high
|
severity: high
|
||||||
|
description: SquirrelMail 1.2.11 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/22793
|
- https://www.exploit-db.com/exploits/22793
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi,squirrelmail
|
tags: lfi,squirrelmail
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -25,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
|
@ -1,14 +1,19 @@
|
||||||
id: thinkcmf-lfi
|
id: thinkcmf-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: ThinkCMF LFI
|
name: ThinkCMF - Local File Inclusion
|
||||||
author: pikpikcu
|
author: pikpikcu
|
||||||
severity: high
|
severity: high
|
||||||
|
description: ThinkCMF is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.freebuf.com/vuls/217586.html
|
- https://www.freebuf.com/vuls/217586.html
|
||||||
metadata:
|
metadata:
|
||||||
win-payload: ../../../../../../../../../../../../../../../../windows/win.ini
|
win-payload: ../../../../../../../../../../../../../../../../windows/win.ini
|
||||||
unix-payload: ../../../../../../../../../../../../../../../../etc/passwd
|
unix-payload: ../../../../../../../../../../../../../../../../etc/passwd
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: thinkcmf,lfi
|
tags: thinkcmf,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -29,3 +34,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
|
@ -1,9 +1,14 @@
|
||||||
id: vmware-vcenter-lfi-linux
|
id: vmware-vcenter-lfi-linux
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Vmware Vcenter LFI for Linux appliances
|
name: Linux Vmware Vcenter - Local File Inclusion
|
||||||
author: PR3R00T
|
author: PR3R00T
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Linux appliance based Vmware Vcenter is vulnerable to local file inclusion.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: vmware,lfi,vcenter
|
tags: vmware,lfi,vcenter
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -14,3 +19,5 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- "vCenter Server"
|
- "vCenter Server"
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,12 +1,17 @@
|
||||||
id: vmware-vcenter-lfi
|
id: vmware-vcenter-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: VMware vCenter Unauthenticated Arbitrary File Read
|
name: VMware vCenter - Local File Inclusion
|
||||||
author: dwisiswant0
|
author: dwisiswant0
|
||||||
severity: high
|
severity: high
|
||||||
|
description: VMware vCenter is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://kb.vmware.com/s/article/7960893
|
- https://kb.vmware.com/s/article/7960893
|
||||||
- https://twitter.com/ptswarm/status/1316016337550938122
|
- https://twitter.com/ptswarm/status/1316016337550938122
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: vmware,lfi,vcenter
|
tags: vmware,lfi,vcenter
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -30,3 +35,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,11 +1,16 @@
|
||||||
id: ecology-filedownload-directory-traversal
|
id: ecology-filedownload-directory-traversal
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Ecology Directory Traversal
|
name: Ecology - Local File Inclusion
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: medium
|
severity: medium
|
||||||
|
description: Ecology is vulnerable to local file inclusion.
|
||||||
metadata:
|
metadata:
|
||||||
fofa-query: app="泛微-协同办公OA"
|
fofa-query: app="泛微-协同办公OA"
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: ecology,lfi
|
tags: ecology,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -21,3 +26,5 @@ requests:
|
||||||
words:
|
words:
|
||||||
- "<url-pattern>/weaver/"
|
- "<url-pattern>/weaver/"
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,9 +1,14 @@
|
||||||
id: ecology-springframework-directory-traversal
|
id: ecology-springframework-directory-traversal
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Ecology Springframework Directory Traversal
|
name: Ecology Springframework - Local File Inclusion
|
||||||
author: princechaddha
|
author: princechaddha
|
||||||
severity: medium
|
severity: medium
|
||||||
|
description: Ecology Springframework is vulnerable to local file inclusion.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: ecology,springframework,lfi
|
tags: ecology,springframework,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -19,3 +24,5 @@ requests:
|
||||||
words:
|
words:
|
||||||
- "<url-pattern>/weaver/"
|
- "<url-pattern>/weaver/"
|
||||||
part: body
|
part: body
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: ad-widget-lfi
|
id: ad-widget-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)
|
name: WordPress Ad Widget 2.11.0 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
|
description: WordPress Ad Widget 2.11.0 is vulnerable to local file inclusion. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
|
||||||
reference:
|
reference:
|
||||||
- https://cxsecurity.com/issue/WLB-2017100084
|
- https://cxsecurity.com/issue/WLB-2017100084
|
||||||
- https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
|
- https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi
|
tags: wordpress,wp-plugin,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -25,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,12 +1,18 @@
|
||||||
id: admin-word-count-column-lfi
|
id: admin-word-count-column-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Admin word count column 2.2 - Arbitrary File Retrieval
|
name: WordPress Admin Word Count Column 2.2 - Local File Inclusion
|
||||||
author: daffainfo,Splint3r7
|
author: daffainfo,Splint3r7
|
||||||
severity: high
|
severity: high
|
||||||
|
description: WordPress Admin Word Count Column 2.2 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
|
- https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
|
||||||
- https://wordpress.org/plugins/admin-word-count-column/
|
- https://wordpress.org/plugins/admin-word-count-column/
|
||||||
|
remediation: This plugin has been closed as of March 29, 2022 and is not available for download.
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,wp
|
tags: wordpress,wp-plugin,lfi,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: advanced-access-manager-lfi
|
id: advanced-access-manager-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion
|
name: WordPress Advanced Access Manager <5.9.9 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
|
description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/9873
|
- https://wpscan.com/vulnerability/9873
|
||||||
- https://id.wordpress.org/plugins/advanced-access-manager/
|
- https://id.wordpress.org/plugins/advanced-access-manager/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi
|
tags: wordpress,wp-plugin,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,12 +1,17 @@
|
||||||
id: amministrazione-aperta-lfi
|
id: amministrazione-aperta-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Amministrazione Aperta 3.7.3 - Unauthenticated Local File Read
|
name: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
|
||||||
author: daffainfo,Splint3r7
|
author: daffainfo,Splint3r7
|
||||||
severity: high
|
severity: high
|
||||||
|
description: WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50838
|
- https://www.exploit-db.com/exploits/50838
|
||||||
- https://wordpress.org/plugins/amministrazione-aperta
|
- https://wordpress.org/plugins/amministrazione-aperta
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,wp
|
tags: wordpress,wp-plugin,lfi,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,3 +28,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
id: aspose-file-download
|
id: aspose-file-download
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Wordpress Aspose Cloud eBook Generator - Arbitrary File Retrieval
|
name: Wordpress Aspose Cloud eBook Generator - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The Aspose Cloud eBook Generator WordPress plugin is affected by an arbitrary file retrieval vulnerability.
|
description: Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/7866
|
- https://wpscan.com/vulnerability/7866
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,aspose,ebook
|
tags: wordpress,wp-plugin,lfi,aspose,ebook
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -26,3 +30,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
id: aspose-ie-file-download
|
id: aspose-ie-file-download
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Wordpress Aspose Importer & Exporter v1.0 - Arbitrary File Retrieval
|
name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The Aspose importer and Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.
|
description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/131162/
|
- https://packetstormsecurity.com/files/131162/
|
||||||
- https://wordpress.org/plugins/aspose-importer-exporter
|
- https://wordpress.org/plugins/aspose-importer-exporter
|
||||||
|
@ -27,3 +27,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: aspose-pdf-file-download
|
id: aspose-pdf-file-download
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress Aspose PDF Exporter - Arbitrary File Retrieval
|
name: WordPress Aspose PDF Exporter - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The Aspose.psf Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.
|
description: WordPress Aspose PDF Exporter is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/131161
|
- https://packetstormsecurity.com/files/131161
|
||||||
- https://wordpress.org/plugins/aspose-pdf-exporter
|
- https://wordpress.org/plugins/aspose-pdf-exporter
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,aspose
|
tags: wordpress,wp-plugin,lfi,aspose
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: aspose-words-file-download
|
id: aspose-words-file-download
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval
|
name: WordPress Aspose Words Exporter <2.0 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability.
|
description: WordPress Aspose Words Exporter prior to version 2.0 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/7869
|
- https://wpscan.com/vulnerability/7869
|
||||||
- https://wordpress.org/plugins/aspose-doc-exporter
|
- https://wordpress.org/plugins/aspose-doc-exporter
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,aspose
|
tags: wordpress,wp-plugin,lfi,aspose
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: brandfolder-lfi
|
id: brandfolder-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Wordpress brandfolder plugin - RFI & LFI
|
name: Wordpress Brandfolder - Remote/Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
|
description: WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/39591
|
- https://www.exploit-db.com/exploits/39591
|
||||||
- https://cxsecurity.com/issue/WLB-2016030120
|
- https://cxsecurity.com/issue/WLB-2016030120
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,rfi
|
tags: wordpress,wp-plugin,lfi,rfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
id: brandfolder-open-redirect
|
id: brandfolder-open-redirect
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: WordPress Brandfolder Plugin Open Redirect
|
name: WordPress Brandfolder - Remote/Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: low
|
severity: low
|
||||||
description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
|
description: WordPress Brandfolder is vulnerable to remote/local file inclusion and allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/39591
|
- https://www.exploit-db.com/exploits/39591
|
||||||
tags: wordpress,wp-plugin,lfi,rfi
|
tags: wordpress,wp-plugin,lfi,rfi
|
||||||
|
@ -19,3 +19,5 @@ requests:
|
||||||
regex:
|
regex:
|
||||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
|
- '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
|
||||||
part: header
|
part: header
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,12 +1,17 @@
|
||||||
id: cab-fare-calculator-lfi
|
id: cab-fare-calculator-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Cab fare calculator 1.0.3 - Unauthenticated Local File Inclusion
|
name: WordPress Cab fare calculator 1.0.3 - Local File Inclusion
|
||||||
author: Hassan Khan Yusufzai - Splint3r7
|
author: Hassan Khan Yusufzai - Splint3r7
|
||||||
severity: high
|
severity: high
|
||||||
|
description: WordPress Cab fare calculator 1.0.3 is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/50843
|
- https://www.exploit-db.com/exploits/50843
|
||||||
- https://wordpress.org/plugins/cab-fare-calculator
|
- https://wordpress.org/plugins/cab-fare-calculator
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,wp
|
tags: wordpress,wp-plugin,lfi,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -23,3 +28,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/01
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: church-admin-lfi
|
id: church-admin-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
|
name: WordPress Church Admin 0.33.2.1 - Local File Inclusion
|
||||||
author: 0x_Akoko
|
author: 0x_Akoko
|
||||||
severity: high
|
severity: high
|
||||||
description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.
|
description: WordPress Church Admin 0.33.2.1 is vulnerable to local file inclusion via the "key" parameter of plugins/church-admin/display/download.php.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/8997
|
- https://wpscan.com/vulnerability/8997
|
||||||
- https://id.wordpress.org/plugins/church-admin/
|
- https://id.wordpress.org/plugins/church-admin/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi
|
tags: wordpress,wp-plugin,lfi
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -25,3 +29,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
|
@ -1,14 +1,17 @@
|
||||||
id: db-backup-lfi
|
id: db-backup-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: DB Backup <= 4.5 - Path Traversal File Access
|
name: WordPress DB Backup <=4.5 - Local File Inclusion
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: high
|
severity: high
|
||||||
description: WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive
|
description: WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
|
||||||
information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected.
|
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536
|
- https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536
|
||||||
- https://www.exploit-db.com/exploits/35378
|
- https://www.exploit-db.com/exploits/35378
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,wp
|
tags: wordpress,wp-plugin,lfi,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -28,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
|
@ -1,13 +1,18 @@
|
||||||
id: hb-audio-lfi
|
id: hb-audio-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Retrieval
|
name: Wordpress HB Audio Gallery Lite - Local File Inclusion
|
||||||
author: dhiyaneshDK
|
author: dhiyaneshDK
|
||||||
severity: high
|
severity: high
|
||||||
|
description: Wordpress HB Audio Gallery Lite is vulnerable to local file inclusion.
|
||||||
reference:
|
reference:
|
||||||
- https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html
|
- https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html
|
||||||
metadata:
|
metadata:
|
||||||
google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite
|
google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-plugin,lfi,wp
|
tags: wordpress,wp-plugin,lfi,wp
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +32,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
|
@ -1,14 +1,18 @@
|
||||||
id: health-check-lfi
|
id: health-check-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal
|
name: WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion
|
||||||
author: DhiyaneshDK
|
author: DhiyaneshDK
|
||||||
severity: high
|
severity: high
|
||||||
description: The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability.
|
description: WordPress Health Check & Troubleshooting prior to 1.2.4 is vulnerable to local file inclusion. Exploitation does require authentication.
|
||||||
remediation: Fixed in version 1.2.4
|
remediation: Upgrade to version 1.2.4 or later.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a
|
- https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a
|
||||||
- https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
|
- https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr
|
tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -43,3 +47,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
|
@ -1,13 +1,17 @@
|
||||||
id: mthemeunus-lfi
|
id: mthemeunus-lfi
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: mTheme-Unus Theme - Local File Inclusion (LFI)
|
name: WordPress mTheme-Unus Theme - Local File Inclusion
|
||||||
author: dhiyaneshDk
|
author: dhiyaneshDk
|
||||||
severity: high
|
severity: high
|
||||||
description: The mTheme-Unus WordPress Theme was affected by a css.php Local File Inclusion security vulnerability.
|
description: WordPress mTheme-Unus Theme is vulnerable to local file inclusion via css.php.
|
||||||
reference:
|
reference:
|
||||||
- https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb
|
- https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb
|
||||||
- https://packetstormsecurity.com/files/133778/
|
- https://packetstormsecurity.com/files/133778/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cwe-id: CWE-22
|
||||||
tags: wordpress,wp-theme,lfi,wordpress,mtheme
|
tags: wordpress,wp-theme,lfi,wordpress,mtheme
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -27,3 +31,5 @@ requests:
|
||||||
- type: status
|
- type: status
|
||||||
status:
|
status:
|
||||||
- 200
|
- 200
|
||||||
|
|
||||||
|
# Enhanced by mp on 2022/08/05
|
||||||
|
|
Loading…
Reference in New Issue