Dashboard Content Enhancements (#5009)

Dashboard Content Enhancements
2022-08-05 09:57:51 -04:00 · 2022-08-05 09:57:51 -04:00 · b2e886f09b
parent 64cd216ab5
commit b2e886f09b
65 changed files with 473 additions and 115 deletions
--- a/vulnerabilities/eyou/eyou-email-rce.yaml
+++ b/vulnerabilities/eyou/eyou-email-rce.yaml
@ -1,4 +1,4 @@
-id: eyou-email-rce
+id: CVE-2014-1203
 info:
  name: Eyou E-Mail <3.6 - Remote Code Execution
--- a/cves/2016/CVE-2016-10367.yaml
+++ b/cves/2016/CVE-2016-10367.yaml
@ -1,15 +1,14 @@
 id: CVE-2016-10367
 info:
-  name: Opsview Monitor Pro - Unauthenticated Directory Traversal
+  name: Opsview Monitor Pro - Local File Inclusion
  author: 0x_akoko
  severity: high
-  description: The unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass
+  description: Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.
  reference:
    - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18774
    - https://www.cvedetails.com/cve/CVE-2016-10367
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10367
    - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-016/?fid=8341
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10367
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
@ -35,3 +34,5 @@ requests:
      - type: status
        status:
          - 404
 # Enhanced by mp on 2022/08/03
--- a/cves/2019/CVE-2019-10717.yaml
+++ b/cves/2019/CVE-2019-10717.yaml
@ -1,15 +1,15 @@
 id: CVE-2019-10717
 info:
-  name: BlogEngine.NET 3.3.7.0 - Directory Traversal
+  name: BlogEngine.NET 3.3.7.0 - Local File Inclusion
  author: arafatansari
  severity: high
  description: |
-    BlogEngine.NET 3.3.7.0 allows /api/filemanager Directory Traversal via the path parameter
+    BlogEngine.NET 3.3.7.0 allows /api/filemanager local file inclusion via the path parameter
  reference:
    - https://www.securitymetrics.com/blog/Blogenginenet-Directory-Traversal-Listing-Login-Page-Unvalidated-Redirect
    - https://nvd.nist.gov/vuln/detail/CVE-2019-10717
    - https://github.com/rxtur/BlogEngine.NET/commits/master
    - https://nvd.nist.gov/vuln/detail/CVE-2019-10717
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
    cvss-score: 7.1
@ -39,3 +39,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/cves/2020/CVE-2020-10770.yaml
+++ b/cves/2020/CVE-2020-10770.yaml
@ -1,10 +1,10 @@
 id: CVE-2020-10770
 info:
-  name: Keycloak 12.0.1 - 'request_uri ' Blind Server-Side Request Forgery (SSRF) (Unauthenticated)
+  name: Keycloak 12.0.1 - request_uri  Blind Server-Side Request Forgery (SSRF)
  author: dhiyaneshDk
  severity: medium
-  description: A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.
+  description: Keycloak 12.0.1 and below allow an attacker to force the server to request an unverified URL using the OIDC parameter request_uri. This allows an attacker to execute a server-side request forgery (SSRF) attack.
  reference:
    - https://packetstormsecurity.com/files/164499/Keycloak-12.0.1-Server-Side-Request-Forgery.html
    - https://www.exploit-db.com/exploits/50405
@ -27,3 +27,5 @@ requests:
        part: interactsh_protocol # Confirms the HTTP Interaction
        words:
          - "http"
 # Enhanced by cs 08/03/2022
--- a/vulnerabilities/other/unauth-rlm.yaml
+++ b/vulnerabilities/other/unauth-rlm.yaml
@ -4,14 +4,14 @@ info:
  name: Reprise License Manager 14.2 - Authentication Bypass
  author: Akincibor
  severity: critical
-  description: Reprise License Manager (RLM( 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
+  description: Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2021-44152
  classification:
-    cvss-metrics: CVSS:10.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 10.0
+    cvss-score: 9.8
    cve-id: CVE-2021-44152
-    cwe-id: CWE-288
+    cwe-id: CWE-287
  tags: unauth,rlm
 requests:
--- a/misconfiguration/d-link-arbitary-fileread.yaml
+++ b/misconfiguration/d-link-arbitary-fileread.yaml
@ -1,11 +1,16 @@
 id: dlink-file-read
 info:
-  name: D-Link - Arbitrary File Retrieval
+  name: D-Link - Local File Inclusion
  author: dhiyaneshDK
  severity: high
  description: D-Link is vulnerable to local file inclusion.
  reference:
    - https://suid.ch/research/DAP-2020_Preauth_RCE_Chain.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  tags: dlink,lfi
 requests:
@ -25,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml
+++ b/misconfiguration/jolokia/jolokia-unauthenticated-lfi.yaml
@ -1,13 +1,17 @@
 id: jolokia-unauthenticated-lfi
 info:
-  name: Jolokia - Unauthenticated Local File Read
+  name: Jolokia - Local File Inclusion
  author: dhiyaneshDk
  severity: high
-  description: This exploit allow you to File read with compilerDirectivesAdd
+  description: Jolokia is vulnerable to local file inclusion via compilerDirectivesAdd.
  reference:
    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
    - https://github.com/laluka/jolokia-exploitation-toolkit
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  tags: jolokia,springboot,tomcat,lfi
 requests:
@ -28,4 +32,6 @@ requests:
      - type: status
        status:
-          - 200
+          - 200
 # Enhanced by mp on 2022/08/03
--- a/technologies/elfinder-detect.yaml
+++ b/technologies/elfinder-detect.yaml
@ -1,9 +1,14 @@
 id: elfinder-detect
 info:
-  name: elFinder Detect
+  name: elFinder - Install Detection
  author: pikpikcu
  description: An elFinder implementation was discovered.
  severity: info
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  tags: tech,elfinder
 requests:
@ -24,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/74cms-sqli.yaml
+++ b/vulnerabilities/other/74cms-sqli.yaml
@ -10,7 +10,6 @@ info:
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-22210
    cwe-id: CWE-89
  tags: 74cms,sqli
--- a/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml
+++ b/vulnerabilities/other/hjtcloud-rest-arbitrary-file-read.yaml
@ -1,11 +1,16 @@
 id: hjtcloud-rest-arbitrary-file-read
 info:
-  name: HJTcloud Arbitrary file read
+  name: HJTcloud - Local File Inclusion
  author: pikpikcu
  severity: low
  description: HJTcloud is vulnerable to local file inclusion.
  reference:
    - https://mp.weixin.qq.com/s/w2pkj5ADN7b5uxe-wmfGbw
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: hjtcloud,lfi
 requests:
@ -33,3 +38,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/hrsale-unauthenticated-lfi.yaml
+++ b/vulnerabilities/other/hrsale-unauthenticated-lfi.yaml
@ -1,12 +1,16 @@
 id: hrsale-unauthenticated-lfi
 info:
-  name: Hrsale 2.0.0 - Hrsale Unauthenticated Lfi
+  name: Hrsale 2.0.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: This exploit allow you to download any readable file from server without permission and login session
+  description: Hrsale 2.0.0 is vulnerable to local file inclusion. This exploit allow you to download any readable file from server without permission and login session
  reference:
    - https://www.exploit-db.com/exploits/48920
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: hrsale,lfi
 requests:
@ -24,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/huawei-hg659-lfi.yaml
+++ b/vulnerabilities/other/huawei-hg659-lfi.yaml
@ -1,11 +1,16 @@
 id: huawei-hg659-lfi
 info:
-  name: HUAWEI HG659 LFI
+  name: HUAWEI HG659 - Local File Inclusion
  author: pikpikcu
  severity: high
  description: HUAWEI HG659 is vulnerable to local file inclusion.
  reference:
    - https://twitter.com/sec715/status/1406782172443287559
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,huawei
 requests:
@ -24,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/huijietong-cloud-fileread.yaml
+++ b/vulnerabilities/other/huijietong-cloud-fileread.yaml
@ -1,8 +1,9 @@
 id: huijietong-cloud-fileread
 info:
-  name: Huijietong Cloud File Read
+  name: Huijietong - Local File Inclusion
  author: princechaddha,ritikchaddha
  description: Huijietong is vulnerable to local file inclusion.
  severity: high
  metadata:
    fofa-query: body="/him/api/rest/v1.0/node/role"
@ -31,3 +32,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/interlib-fileread.yaml
+++ b/vulnerabilities/other/interlib-fileread.yaml
@ -1,11 +1,16 @@
 id: interlib-fileread
 info:
-  name: Interlib Fileread
+  name: Interlib - Local File Inclusion
  author: pikpikcu
  description: Interlib is vulnerable to local file inclusion.
  severity: high
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/PeiQi/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6/%E5%9B%BE%E5%88%9B%E8%BD%AF%E4%BB%B6%20%E5%9B%BE%E4%B9%A6%E9%A6%86%E7%AB%99%E7%BE%A4%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: interlib,lfi
 requests:
@ -26,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/jeewms-lfi.yaml
+++ b/vulnerabilities/other/jeewms-lfi.yaml
@ -1,11 +1,16 @@
 id: jeewms-lfi
 info:
-  name: JEEWMS LFI
+  name: JEEWMS - Local File Inclusion
  author: pikpikcu
  severity: high
  description: JEEWMS is vulnerable to local file inclusion.
  reference:
    - https://mp.weixin.qq.com/s/ylOuWc8elD2EtM-1LiJp9g
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: jeewms,lfi
 requests:
@ -33,3 +38,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/jinfornet-jreport-lfi.yaml
+++ b/vulnerabilities/other/jinfornet-jreport-lfi.yaml
@ -1,14 +1,17 @@
 id: jinfornet-jreport-lfi
 info:
-  name: Jinfornet Jreport 15.6 - Unauthenticated Directory Traversal
+  name: Jinfornet Jreport 15.6 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: Jreport Help function have a path traversal vulnerability in the SendFileServlet allows remote unauthenticated users to view any files on the Operating System with Application services user permission.
+  description: Jinfornet Jreport 15.6 is vulnerable to local file incluion via the Jreport Help function in the SendFileServlet. Exploitaiton allows remote unauthenticated users to view any files on the Operating System with Application services user permission. This vulnerability affects Windows and Unix operating systems.
    This vulnerability affects Windows and Unix operating systems.
  reference:
    - https://cxsecurity.com/issue/WLB-2020030151
    - https://www.jinfonet.com/product/download-jreport/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: jreport,jinfornet,lfi
 requests:
@ -26,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/joomla-com-fabrik-lfi.yaml
+++ b/vulnerabilities/other/joomla-com-fabrik-lfi.yaml
@ -1,11 +1,16 @@
 id: joomla-com-fabrik-lfi
 info:
-  name: Joomla! com_fabrik 3.9.11 - Directory Traversal
+  name: Joomla! com_fabrik 3.9.11 - Local File Inclusion
  author: dhiyaneshDk
  severity: high
  description: Joomla! com_fabrik 3.9.11 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/48263
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: joomla,lfi
 requests:
@ -26,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/karel-ip-phone-lfi.yaml
+++ b/vulnerabilities/other/karel-ip-phone-lfi.yaml
@ -1,13 +1,17 @@
 id: karel-ip-phone-lfi
 info:
-  name: Karel IP Phone IP1211 Web Management Panel - Directory Traversal
+  name: Karel IP Phone IP1211 Web Management Panel - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: A vulnerability in the Karel IP Phone IP1211 Web Management Panel allows remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
+  description: Karel IP Phone IP1211 Web Management Panel is vulnerable to local file inclusion and can allow remote attackers to access arbitrary files stored on the remote device via the 'cgiServer.exx' endpoint and the 'page' parameter.
  reference:
    - https://cxsecurity.com/issue/WLB-2020100038
    - https://www.karel.com.tr/urun-cozum/ip1211-ip-telefon
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: karel,lfi
 requests:
@ -26,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/kingdee-eas-directory-traversal.yaml
+++ b/vulnerabilities/other/kingdee-eas-directory-traversal.yaml
@ -1,12 +1,16 @@
 id: kingdee-eas-directory-traversal
 info:
-  name: Kingdee EAS - Directory Traversal
+  name: Kingdee EAS - Local File Inclusion
  author: ritikchaddha
  severity: medium
-  description: Kingdee OA server_file has a directory traversal vulnerability, attackers can obtain sensitive server information through directory traversal.
+  description: Kingdee EAS OA server_file is vulnerable to local file inclusion and can allow attackers to obtain sensitive server information.
  reference:
    - https://github.com/nu0l/poc-wiki/blob/main/%E9%87%91%E8%9D%B6OA%20server_file%20%E7%9B%AE%E5%BD%95%E9%81%8D%E5%8E%86%E6%BC%8F%E6%B4%9E.md
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: kingdee,lfi,traversal
 requests:
@ -33,3 +37,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/kingsoft-v8-file-read.yaml
+++ b/vulnerabilities/other/kingsoft-v8-file-read.yaml
@ -1,11 +1,16 @@
 id: kingsoft-v8-file-read
 info:
-  name: Kingsoft V8 File Read
+  name: Kingsoft 8 - Local File Inclusion
  author: ritikchaddha
  severity: high
  description: Kingsoft 8 is vulnerable to local file inclusion.
  reference:
    - https://github.com/PeiQi0/PeiQi-WIKI-POC/blob/b6f8fbfef46ad1c3f8d5715dd19b00ca875341c2/_book/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E9%87%91%E5%B1%B1/%E9%87%91%E5%B1%B1%20V8%20%E7%BB%88%E7%AB%AF%E5%AE%89%E5%85%A8%E7%B3%BB%E7%BB%9F%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E.md
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: kingsoft,lfi
 requests:
@ -30,3 +35,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/kyocera-m2035dn-lfi.yaml
+++ b/vulnerabilities/other/kyocera-m2035dn-lfi.yaml
@ -1,13 +1,17 @@
 id: kyocera-m2035dn-lfi
 info:
-  name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval
+  name: Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval.
+  description: Kyocera Command Center RX ECOSYS M2035dn is vulnerable to unauthenticated local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/50738
    - https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: printer,iot,kyocera,lfi
 requests:
@ -24,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/ns-asg-file-read.yaml
+++ b/vulnerabilities/other/ns-asg-file-read.yaml
@ -1,15 +1,20 @@
 id: nsasg-arbitrary-file-read
 info:
-  name: NS ASG Arbitrary File Read
+  name: NS ASG - Local File Inclusion
  author: pikpikcu,ritikchaddha
  severity: high
  description: NS ASG is vulnerable to local file inclusion.
  reference:
    - https://zhuanlan.zhihu.com/p/368054963
    - http://wiki.xypbk.com/Web安全/网康%20NS-ASG安全网关/网康%20NS-ASG安全网关%20任意文件读取漏洞.md
  metadata:
    fofa-query: app="网康科技-NS-ASG安全网关"
    shodan-query: http.title:“NS-ASG”
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: nsasg,lfi
 requests:
@ -31,3 +36,5 @@ requests:
          - "$certfile"
          - "application/pdf"
        condition: and
 # Enhanced by mp on 2022/08/03
--- a/vulnerabilities/other/nuuo-file-inclusion.yaml
+++ b/vulnerabilities/other/nuuo-file-inclusion.yaml
@ -1,11 +1,16 @@
 id: nuuo-file-inclusion
 info:
-  name: NUUO NVRmini 2 v3.0.8 - Atrbitary File Retrieval
+  name: NUUO NVRmini 2 3.0.8 - Local File Inclusion
  author: princechaddha
  severity: high
  description: NUUO NVRmini 2 3.0.8 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/40211
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: nuuo,lfi
 requests:
@ -28,3 +33,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/oliver-library-lfi.yaml
+++ b/vulnerabilities/other/oliver-library-lfi.yaml
@ -1,13 +1,17 @@
 id: oliver-library-lfi
 info:
-  name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval
+  name: Oliver 5 Library Server <8.00.008.053 - Local File Inclusion
  author: gy741
  severity: high
-  description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input.
+  description: Oliver 5 Library Server versions prior to 8.00.008.053 are vulnerable to local file inclusion via the FileServlet function.
  reference:
    - https://www.exploit-db.com/exploits/50599
    - https://www.softlinkint.com/product/oliver/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: windows,lfi,oliver
 requests:
@ -23,3 +27,5 @@ requests:
          - "fonts"
          - "extensions"
        condition: and
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/opencti-lfi.yaml
+++ b/vulnerabilities/other/opencti-lfi.yaml
@ -1,15 +1,20 @@
 id: opencti-lfi
 info:
-  name: OpenCTI 3.3.1 - Directory Traversal
+  name: OpenCTI 3.3.1 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: OpenCTI 3.3.1 is vulnerable to local file inclusion.
  reference:
    - https://cxsecurity.com/issue/WLB-2020060078
    - https://github.com/OpenCTI-Platform/opencti/releases/tag/3.3.1
  metadata:
    verified: true
    shodan-query: http.html:"OpenCTI"
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: opencti,lfi,oss
 requests:
@ -27,3 +32,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/opensis-lfi.yaml
+++ b/vulnerabilities/other/opensis-lfi.yaml
@ -1,13 +1,16 @@
 id: opensis-lfi
 info:
-  name: openSIS 5.1 - 'ajax.php' Local File Inclusion
+  name: openSIS 5.1 - Local File Inclusion
  author: pikpikcu
  severity: high
-  description: An attacker can exploit a vulnerability in openSIS to obtain potentially sensitive information and execute arbitrary local scripts in the context of the Web server process. This may allow the attacker
+  description: openSIS 5.1 is vulnerable to local file inclusion and allows attackers to obtain potentially sensitive information by executing arbitrary local scripts in the context of the web server process. This may allow the attacker to compromise the application and computer; other attacks are also possible.
    to compromise the application and computer; other attacks are also possible.
  reference:
    - https://www.exploit-db.com/exploits/38039
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: opensis,lfi
 requests:
@ -26,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/orbiteam-bscw-server-lfi.yaml
+++ b/vulnerabilities/other/orbiteam-bscw-server-lfi.yaml
@ -1,12 +1,17 @@
 id: orbiteam-bscw-server-lfi
 info:
-  name: OrbiTeam BSCW Server - Unauthenticated LFI
+  name: OrbiTeam BSCW Server - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
-    OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below suffer from path traversal
+    OrbiTeam BSCW Server versions 5.0.x, 5.1.x, 5.2.4 and below, 7.3.x and below, and 7.4.3 and below are vulnerable to unauthenticated local file inclusion.
  reference:
    - https://packetstormsecurity.com/files/165156/OrbiTeam-BSCW-Server-XSS-LFI-User-Enumeration.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: bscw,orbiteam,lfi,unauth
 requests:
@ -24,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/pacsone-server-lfi.yaml
+++ b/vulnerabilities/other/pacsone-server-lfi.yaml
@ -1,11 +1,16 @@
 id: pacsone-server-lfi
 info:
-  name: PACSOne Server 6.6.2 DICOM Web Viewer Directory Trasversal
+  name: PACSOne Server 6.6.2 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: PACSOne Server 6.6.2 is vulnerable to local file inclusion via its integrated DICOM Web Viewer.
  reference:
    - https://cxsecurity.com/issue/WLB-2018010303
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: pacsone,lfi
 requests:
@ -22,3 +27,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/phpwiki-lfi.yaml
+++ b/vulnerabilities/other/phpwiki-lfi.yaml
@ -1,10 +1,10 @@
 id: phpwiki-lfi
 info:
-  name: phpwiki 1.5.4 - XSS / Local File Inclusion
+  name: phpwiki 1.5.4 - Cross-Site Scripting/Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: A vulnerability in phpwiki allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
+  description: phpwiki 1.5.4 is vulnerable to cross-site scripting and local file inclusion, and allows remote unauthenticated attackers to include and return the content of locally stored files via the 'index.php' endpoint.
  reference:
    - https://www.exploit-db.com/exploits/38027
  tags: phpwiki,lfi,xss
@ -24,3 +24,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/pmb-directory-traversal.yaml
+++ b/vulnerabilities/other/pmb-directory-traversal.yaml
@ -1,12 +1,16 @@
 id: pmb-directory-traversal
 info:
-  name: PMB 5.6 - Arbitrary File Retrieval
+  name: PMB 5.6 - Local File Inclusion
  author: geeknik
  severity: medium
-  description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval.
+  description: PMB 5.6 is vulnerable to local file inclusion because the PMB Gif Image is not sanitizing the content of the 'chemin' parameter.
  reference:
    - https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi
 requests:
@ -25,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/pmb-local-file-disclosure.yaml
+++ b/vulnerabilities/other/pmb-local-file-disclosure.yaml
@ -1,11 +1,16 @@
 id: pmb-local-file-disclosure
 info:
-  name: PMB 5.6 - getgif.php Arbitrary File Retrieval
+  name: PMB 5.6 - Local File Inclusion
  author: dhiyaneshDk
  description: PMB 5.6 is vulnerable to local file inclusion.
  severity: high
  reference:
    - https://www.exploit-db.com/exploits/49054
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,pmb
 requests:
@ -21,3 +26,5 @@ requests:
      - type: word
        words:
          - "root:x:0"
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/processmaker-lfi.yaml
+++ b/vulnerabilities/other/processmaker-lfi.yaml
@ -1,13 +1,17 @@
 id: processmaker-lfi
 info:
-  name: ProcessMaker <= 3.5.4 Directory Traversal
+  name: ProcessMaker <=3.5.4 - Local File Inclusion
  author: KrE80r
  severity: high
-  description: A vulnerability in ProcessMaker allows remote attackers to access arbitrary files and disclose their content.
+  description: ProcessMaker 3.5.4 and prior is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/50229
    - https://www.processmaker.com
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: processmaker,lfi
 requests:
@ -26,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/sl-studio-lfi.yaml
+++ b/vulnerabilities/other/sl-studio-lfi.yaml
@ -1,11 +1,16 @@
 id: sl-studio-lfi
 info:
-  name: Webbdesign SL-Studio Directory Traversal
+  name: Webbdesign SL-Studio - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: Webbdesign SL-Studio is vulnerable to local file inclusion.
  reference:
    - https://cxsecurity.com/issue/WLB-2018110187
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    google-dork: 'inurl:index.php?page= intext:Webbdesign: SL-Studio.'
  tags: slstudio,lfi
@ -24,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml
+++ b/vulnerabilities/other/sofneta-mecdream-pacs-lfi.yaml
@ -1,13 +1,17 @@
 id: sofneta-mecdream-pacs-lfi
 info:
-  name: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
+  name: Softneta MedDream PACS Server Premium 6.7.1.1 - Local File Inclusion
  author: 0x_akoko
  severity: high
-  description: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
+  description: Softneta MedDream PACS Server Premium 6.7.1.1 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/45347
    - https://www.softneta.com/products/meddream-pacs-server/downloads.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    google-dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone filetype:php login
  tags: sofneta,lfi
@ -25,3 +29,5 @@ requests:
          - "fonts"
          - "extensions"
        condition: and
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/surrealtodo-lfi.yaml
+++ b/vulnerabilities/other/surrealtodo-lfi.yaml
@ -5,9 +5,13 @@ info:
  author: arafatansari
  severity: high
  description: |
-    Surreal ToDo is affected by Local File Inclusion on index.php via content parameter.
+    Surreal ToDo 0.6.1.2 is vulnerable to local file inclusion via index.php and the content parameter.
  reference:
    - https://www.exploit-db.com/exploits/45826
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    verified: true
  tags: surreal,lfi
@ -26,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/symantec-messaging-gateway.yaml
+++ b/vulnerabilities/other/symantec-messaging-gateway.yaml
@ -1,10 +1,14 @@
 id: symantec-messaging-gateway
 info:
-  name: Symantec Messaging Gateway LFI
+  name: Symantec Messaging Gateway <=10.6.1 - Local File Inclusion
  author: Random_Robbie
  severity: medium
-  description: Symantec Messaging Gateway <= 10.6.1 Directory Traversal
+  description: Symantec Messaging Gateway 10.6.1 and prior are vulnerable to local file inclusion.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,messaging,symantec
 requests:
@ -21,3 +25,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/tpshop-directory-traversal.yaml
+++ b/vulnerabilities/other/tpshop-directory-traversal.yaml
@ -1,11 +1,16 @@
 id: tpshop-directory-traversal
 info:
-  name: TPshop Directory Traversal
+  name: TPshop - Local File Inclusion
  author: pikpikcu
  description: TPshop is vulnerable to local file inclusion.
  severity: high
  reference:
    - https://mp.weixin.qq.com/s/3MkN4ZuUYpP2GgPbTzrxbA
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: tpshop,lfi
 requests:
@ -23,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/umbraco-base-ssrf.yaml
+++ b/vulnerabilities/other/umbraco-base-ssrf.yaml
@ -1,16 +1,16 @@
 id: umbraco-base-ssrf
 info:
-  name: Umbraco v8.14.1 - 'baseUrl' SSRF
+  name: Umbraco 8.14.1 - baseUrl Server-Side Request Forgery (SSRF)
  author: dhiyaneshDk
  severity: medium
  description: Umbraco 8.1.4.1 allows attackers to use the baseUrl parameter to several programs to perform a server-side request forgery (SSRF) attack.
  reference:
    - https://www.exploit-db.com/exploits/50462
  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
-    cvss-score: 5.3
+    cvss-score: 6.8
-    cve-id: CVE-2020-10770
+    cwe-id: CWE-918
    cwe-id: CWE-601
  metadata:
    verified: true
    shodan-query: http.html:"Umbraco"
@ -37,3 +37,5 @@ requests:
          - "len(body_1)==0"
          - "len(body_2)==0"
          - "len(body_3)==0"
 # Enhanced by cs 08/03/2022
--- a/vulnerabilities/other/viewlinc-crlf-injection.yaml
+++ b/vulnerabilities/other/viewlinc-crlf-injection.yaml
@ -1,10 +1,10 @@
 id: viewlinc-crlf-injection
 info:
-  name: viewLinc viewLinc/5.1.2.367 (and sometimes 5.1.1.50) is vulnerable to CRLF Injection.
+  name: viewLinc 5.1.2.367 - Carriage Return Line Feed Attack
  author: geeknik
  severity: low
-  description: The viewLinc application allows remote attackers to inject a CRLF character into the responses returned by the product, this allows attackers to inject arbitrary HTTP headers into the response returned.
+  description: viewLinc 5.1.2.367 (and sometimes 5.1.1.50) allows remote attackers to inject a carriage return line feed (CRLF) character into the responses returned by the product, which allows attackers to inject arbitrary HTTP headers into the response returned.
  reference:
    - https://www.vaisala.com/en/products/systems/indoor-monitoring-systems/viewlinc-continuous-monitoring-system
  tags: crlf,viewlinc
@ -29,3 +29,5 @@ requests:
          - "Set-Cookie: crlfinjection=crlfinjection"
        part: header
        condition: and
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/xerox-efi-lfi.yaml
+++ b/vulnerabilities/other/xerox-efi-lfi.yaml
@ -1,15 +1,18 @@
 id: xerox-efi-lfi
 info:
-  name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure
+  name: Xerox DC260 EFI Fiery Controller Webtools 2.0 - Local File Inclusion
  author: gy741
  severity: high
-  description: Input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary
+  description: Xerox DC260 EFI Fiery Controller Webtools 2.0 is vulnerable to local file inclusion because input passed thru the 'file' GET parameter in 'forceSave.php' script is not properly sanitized before being used to read files. This can be exploited by an unauthenticated attacker to read arbitrary files on the affected system.
    files on the affected system.
  reference:
    - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5447.php
    - https://packetstormsecurity.com/files/145570
    - https://www.exploit-db.com/exploits/43398/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: iot,xerox,disclosure,lfi
 requests:
@ -26,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/other/yishaadmin-lfi.yaml
+++ b/vulnerabilities/other/yishaadmin-lfi.yaml
@ -1,13 +1,17 @@
 id: yishaadmin-lfi
 info:
-  name: yishaadmin path traversal
+  name: yishaadmin - Local File Inclusion
  author: Evan Rubinstein
  severity: high
-  description: An endpoint in yshaadmin "/admin/File/DownloadFile" was improperly secured, allowing for files to be downloaded, read or deleted without any authentication.
+  description: yishaadmin is vulnerable to local file inclusion via the "/admin/File/DownloadFile" endpoint and allows files to be downloaded, read or deleted without any authentication.
  reference:
    - https://huntr.dev/bounties/2acdd87a-12bd-4ce4-994b-0081eb908128/
    - https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L181-L186
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,yishaadmin
 requests:
@ -25,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/ruijie/ruijie-networks-lfi.yaml
+++ b/vulnerabilities/ruijie/ruijie-networks-lfi.yaml
@ -1,12 +1,16 @@
 id: ruijie-networks-lfi
 info:
-  name: Ruijie Networks Switch eWeb S29_RGOS 11.4 LFI
+  name: Ruijie Networks Switch eWeb S29_RGOS 11.4 - Local File Inclusion
  author: pikpikcu
  severity: high
-  description: A vulnerability in Ruijie Networks Switch allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
+  description: Ruijie Networks Switch eWeb S29_RGOS 11.4 is vulnerable to local file inclusion and allows remote unauthenticated attackers to access locally stored files and retrieve their content via the 'download.do' endpoint.
  reference:
    - https://exploit-db.com/exploits/48755
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: ruijie,lfi
 requests:
@ -30,3 +34,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/seeyon/wooyun-2015-148227.yaml
+++ b/vulnerabilities/seeyon/wooyun-2015-148227.yaml
@ -1,12 +1,16 @@
 id: wooyun-2015-148227
 info:
-  name: Seeyon WooYun LFR
+  name: Seeyon WooYun - Local File Inclusion
  author: princechaddha
  severity: high
-  description: A vulnerability in Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker.
+  description: Seeyon WooYun allows remote attackers to include the content of locally stored content and disclose it back to the attacker via local file inclusion.
  reference:
    - https://wooyun.x10sec.org/static/bugs/wooyun-2015-0148227.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: seeyon,wooyun,lfi,zhiyuan
 requests:
@ -26,3 +30,5 @@ requests:
        part: header
        words:
          - "application/xml"
 # Enhanced by mp on 2022/08/04
--- a/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
+++ b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
@ -1,11 +1,16 @@
 id: squirrelmail-lfi
 info:
-  name: SquirrelMail 1.2.11 Local File Inclusion
+  name: SquirrelMail 1.2.11 - Local File Inclusion
  author: dhiyaneshDk
  severity: high
  description: SquirrelMail 1.2.11 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/22793
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,squirrelmail
 requests:
@ -25,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05
--- a/vulnerabilities/thinkcmf/thinkcmf-lfi.yaml
+++ b/vulnerabilities/thinkcmf/thinkcmf-lfi.yaml
@ -1,14 +1,19 @@
 id: thinkcmf-lfi
 info:
-  name: ThinkCMF LFI
+  name: ThinkCMF - Local File Inclusion
  author: pikpikcu
  severity: high
  description: ThinkCMF is vulnerable to local file inclusion.
  reference:
    - https://www.freebuf.com/vuls/217586.html
  metadata:
    win-payload: ../../../../../../../../../../../../../../../../windows/win.ini
    unix-payload: ../../../../../../../../../../../../../../../../etc/passwd
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: thinkcmf,lfi
 requests:
@ -29,3 +34,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05
--- a/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml
+++ b/vulnerabilities/vmware/vmware-vcenter-lfi-linux.yaml
@ -1,9 +1,14 @@
 id: vmware-vcenter-lfi-linux
 info:
-  name: Vmware Vcenter LFI for Linux appliances
+  name: Linux Vmware Vcenter - Local File Inclusion
  author: PR3R00T
  severity: high
  description: Linux appliance based Vmware Vcenter is vulnerable to local file inclusion.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: vmware,lfi,vcenter
 requests:
@ -14,3 +19,5 @@ requests:
      - type: word
        words:
          - "vCenter Server"
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/vmware/vmware-vcenter-lfi.yaml
+++ b/vulnerabilities/vmware/vmware-vcenter-lfi.yaml
@ -1,12 +1,17 @@
 id: vmware-vcenter-lfi
 info:
-  name: VMware vCenter Unauthenticated Arbitrary File Read
+  name: VMware vCenter - Local File Inclusion
  author: dwisiswant0
  severity: high
  description: VMware vCenter is vulnerable to local file inclusion.
  reference:
    - https://kb.vmware.com/s/article/7960893
    - https://twitter.com/ptswarm/status/1316016337550938122
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: vmware,lfi,vcenter
 requests:
@ -30,3 +35,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml
+++ b/vulnerabilities/weaver/ecology/ecology-filedownload-directory-traversal.yaml
@ -1,11 +1,16 @@
 id: ecology-filedownload-directory-traversal
 info:
-  name: Ecology Directory Traversal
+  name: Ecology - Local File Inclusion
  author: princechaddha
  severity: medium
  description: Ecology is vulnerable to local file inclusion.
  metadata:
    fofa-query: app="泛微-协同办公OA"
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: ecology,lfi
 requests:
@ -21,3 +26,5 @@ requests:
        words:
          - "<url-pattern>/weaver/"
        part: body
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml
+++ b/vulnerabilities/weaver/ecology/ecology-springframework-directory-traversal.yaml
@ -1,9 +1,14 @@
 id: ecology-springframework-directory-traversal
 info:
-  name: Ecology Springframework Directory Traversal
+  name: Ecology Springframework - Local File Inclusion
  author: princechaddha
  severity: medium
  description: Ecology Springframework is vulnerable to local file inclusion.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: ecology,springframework,lfi
 requests:
@ -19,3 +24,5 @@ requests:
        words:
          - "<url-pattern>/weaver/"
        part: body
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/ad-widget-lfi.yaml
+++ b/vulnerabilities/wordpress/ad-widget-lfi.yaml
@ -1,13 +1,17 @@
 id: ad-widget-lfi
 info:
-  name: WordPress Plugin WordPress Ad Widget Local File Inclusion (2.11.0)
+  name: WordPress Ad Widget 2.11.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
+  description: WordPress Ad Widget 2.11.0 is vulnerable to local file inclusion. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks.
  reference:
    - https://cxsecurity.com/issue/WLB-2017100084
    - https://plugins.trac.wordpress.org/changeset/1628751/ad-widget
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi
 requests:
@ -25,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml
+++ b/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml
@ -1,12 +1,18 @@
 id: admin-word-count-column-lfi
 info:
-  name: Admin word count column 2.2 - Arbitrary File Retrieval
+  name: WordPress Admin Word Count Column 2.2 - Local File Inclusion
  author: daffainfo,Splint3r7
  severity: high
  description: WordPress Admin Word Count Column 2.2 is vulnerable to local file inclusion.
  reference:
    - https://packetstormsecurity.com/files/166476/WordPress-Admin-Word-Count-Column-2.2-Local-File-Inclusion.html
    - https://wordpress.org/plugins/admin-word-count-column/
  remediation: This plugin has been closed as of March 29, 2022 and is not available for download.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp
 requests:
@ -23,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/advanced-access-manager-lfi.yaml
+++ b/vulnerabilities/wordpress/advanced-access-manager-lfi.yaml
@ -1,13 +1,17 @@
 id: advanced-access-manager-lfi
 info:
-  name: Advanced Access Manager < 5.9.9 - Unauthenticated Local File Inclusion
+  name: WordPress Advanced Access Manager <5.9.9 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The Advanced Access Manager WordPress plugin, versions before 5.9.9, allowed reading arbitrary files. This way one can download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
+  description: WordPress Advanced Access Manager versions before 5.9.9 are vulnerable to local file inclusion and allows attackers to download the wp-config.php file and get access to the database, which is publicly reachable on many servers.
  reference:
    - https://wpscan.com/vulnerability/9873
    - https://id.wordpress.org/plugins/advanced-access-manager/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi
 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml
+++ b/vulnerabilities/wordpress/amministrazione-aperta-lfi.yaml
@ -1,12 +1,17 @@
 id: amministrazione-aperta-lfi
 info:
-  name: Amministrazione Aperta 3.7.3 - Unauthenticated Local File Read
+  name: WordPress Amministrazione Aperta 3.7.3 - Local File Inclusion
  author: daffainfo,Splint3r7
  severity: high
  description: WordPress Amministrazione Aperta 3.7.3 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/50838
    - https://wordpress.org/plugins/amministrazione-aperta
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp
 requests:
@ -23,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/aspose-file-download.yaml
+++ b/vulnerabilities/wordpress/aspose-file-download.yaml
@ -1,12 +1,16 @@
 id: aspose-file-download
 info:
-  name: Wordpress Aspose Cloud eBook Generator - Arbitrary File Retrieval
+  name: Wordpress Aspose Cloud eBook Generator - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The Aspose Cloud eBook Generator WordPress plugin is affected by an arbitrary file retrieval vulnerability.
+  description: Wordpress Aspose Cloud eBook Generator is vulnerable to local file inclusion.
  reference:
    - https://wpscan.com/vulnerability/7866
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,aspose,ebook
 requests:
@ -26,3 +30,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/aspose-ie-file-download.yaml
+++ b/vulnerabilities/wordpress/aspose-ie-file-download.yaml
@ -1,10 +1,10 @@
 id: aspose-ie-file-download
 info:
-  name: Wordpress Aspose Importer & Exporter v1.0 - Arbitrary File Retrieval
+  name: WordPress Aspose Importer & Exporter 1.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The Aspose importer and Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.
+  description: WordPress Aspose Importer & Exporter version 1.0 is vulnerable to local file inclusion.
  reference:
    - https://packetstormsecurity.com/files/131162/
    - https://wordpress.org/plugins/aspose-importer-exporter
@ -27,3 +27,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/aspose-pdf-file-download.yaml
+++ b/vulnerabilities/wordpress/aspose-pdf-file-download.yaml
@ -1,13 +1,17 @@
 id: aspose-pdf-file-download
 info:
-  name: WordPress Aspose PDF Exporter - Arbitrary File Retrieval
+  name: WordPress Aspose PDF Exporter - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The Aspose.psf Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.
+  description: WordPress Aspose PDF Exporter is vulnerable to local file inclusion.
  reference:
    - https://packetstormsecurity.com/files/131161
    - https://wordpress.org/plugins/aspose-pdf-exporter
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,aspose
 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/aspose-words-file-download.yaml
+++ b/vulnerabilities/wordpress/aspose-words-file-download.yaml
@ -1,13 +1,17 @@
 id: aspose-words-file-download
 info:
-  name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval
+  name: WordPress Aspose Words Exporter <2.0 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability.
+  description: WordPress Aspose Words Exporter prior to version 2.0 is vulnerable to local file inclusion.
  reference:
    - https://wpscan.com/vulnerability/7869
    - https://wordpress.org/plugins/aspose-doc-exporter
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,aspose
 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/brandfolder-lfi.yaml
+++ b/vulnerabilities/wordpress/brandfolder-lfi.yaml
@ -1,13 +1,17 @@
 id: brandfolder-lfi
 info:
-  name: Wordpress brandfolder plugin - RFI & LFI
+  name: Wordpress Brandfolder - Remote/Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: A vulnerability in WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
+  description: WordPress Brandfolder allows remote attackers to access arbitrary files that reside on the local and remote server and disclose their content.
  reference:
    - https://www.exploit-db.com/exploits/39591
    - https://cxsecurity.com/issue/WLB-2016030120
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,rfi
 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/brandfolder-open-redirect.yaml
+++ b/vulnerabilities/wordpress/brandfolder-open-redirect.yaml
@ -1,10 +1,10 @@
 id: brandfolder-open-redirect
 info:
-  name: WordPress Brandfolder Plugin Open Redirect
+  name: WordPress Brandfolder - Remote/Local File Inclusion
  author: 0x_Akoko
  severity: low
-  description: A vulnerability in WordPress Brandfolder allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
+  description: WordPress Brandfolder is vulnerable to remote/local file inclusion and allows remote attackers to inject an arbitrary URL into the 'callback.php' endpoint via the 'wp_abspath' parameter which will redirect the victim to it.
  reference:
    - https://www.exploit-db.com/exploits/39591
  tags: wordpress,wp-plugin,lfi,rfi
@ -19,3 +19,5 @@ requests:
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$'
        part: header
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/cab-fare-calculator-lfi.yaml
+++ b/vulnerabilities/wordpress/cab-fare-calculator-lfi.yaml
@ -1,12 +1,17 @@
 id: cab-fare-calculator-lfi
 info:
-  name: Cab fare calculator 1.0.3 - Unauthenticated Local File Inclusion
+  name: WordPress Cab fare calculator 1.0.3 - Local File Inclusion
  author: Hassan Khan Yusufzai - Splint3r7
  severity: high
  description: WordPress Cab fare calculator 1.0.3 is vulnerable to local file inclusion.
  reference:
    - https://www.exploit-db.com/exploits/50843
    - https://wordpress.org/plugins/cab-fare-calculator
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp
 requests:
@ -23,3 +28,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/01
--- a/vulnerabilities/wordpress/church-admin-lfi.yaml
+++ b/vulnerabilities/wordpress/church-admin-lfi.yaml
@ -1,13 +1,17 @@
 id: church-admin-lfi
 info:
-  name: Church Admin 0.33.2.1 - Unauthenticated Directory Traversal
+  name: WordPress Church Admin 0.33.2.1 - Local File Inclusion
  author: 0x_Akoko
  severity: high
-  description: The "key" parameter of download.php from plugins/church-admin/display/download.php is not sanitized and is vulnerable to a directory traversal type of attack.
+  description: WordPress Church Admin 0.33.2.1 is vulnerable to local file inclusion via the "key" parameter of plugins/church-admin/display/download.php.
  reference:
    - https://wpscan.com/vulnerability/8997
    - https://id.wordpress.org/plugins/church-admin/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi
 requests:
@ -25,3 +29,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05
--- a/vulnerabilities/wordpress/db-backup-lfi.yaml
+++ b/vulnerabilities/wordpress/db-backup-lfi.yaml
@ -1,14 +1,17 @@
 id: db-backup-lfi
 info:
-  name: DB Backup <= 4.5 - Path Traversal File Access
+  name: WordPress DB Backup <=4.5 - Local File Inclusion
  author: dhiyaneshDK
  severity: high
-  description: WordPress Plugin DB Backup is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive
+  description: WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.
    information that could aid in further attacks. WordPress Plugin DB Backup version 4.5 is vulnerable; prior versions may also be affected.
  reference:
    - https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536
    - https://www.exploit-db.com/exploits/35378
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp
 requests:
@ -28,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05
--- a/vulnerabilities/wordpress/hb-audio-lfi.yaml
+++ b/vulnerabilities/wordpress/hb-audio-lfi.yaml
@ -1,13 +1,18 @@
 id: hb-audio-lfi
 info:
-  name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Retrieval
+  name: Wordpress HB Audio Gallery Lite - Local File Inclusion
  author: dhiyaneshDK
  severity: high
  description: Wordpress HB Audio Gallery Lite is vulnerable to local file inclusion.
  reference:
    - https://packetstormsecurity.com/files/136340/WordPress-HB-Audio-Gallery-Lite-1.0.0-Arbitrary-File-Download.html
  metadata:
    google-dork: inurl:/wp-content/plugins/hb-audio-gallery-lite
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-plugin,lfi,wp
 requests:
@ -27,3 +32,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05
--- a/vulnerabilities/wordpress/health-check-lfi.yaml
+++ b/vulnerabilities/wordpress/health-check-lfi.yaml
@ -1,14 +1,18 @@
 id: health-check-lfi
 info:
-  name: Health Check & Troubleshooting <= 1.2.3 - Authenticated Path Traversal
+  name: WordPress Health Check & Troubleshooting <1.24 - Local File Inclusion
  author: DhiyaneshDK
  severity: high
-  description: The Health Check & Troubleshooting WordPress plugin was affected by an Authenticated Path Traversal security vulnerability.
+  description: WordPress Health Check & Troubleshooting prior to 1.2.4 is vulnerable to local file inclusion. Exploitation does require authentication.
-  remediation: Fixed in version 1.2.4
+  remediation: Upgrade to version 1.2.4 or later.
  reference:
    - https://wpscan.com/vulnerability/5eecc4a7-0b44-495d-9352-78dccebfc72a
    - https://www.synacktiv.com/ressources/advisories/WordPress_Health_Check_1.2.3_Vulnerabilities.pdf
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: lfi,wp,wordpress,wp-plugin,authenticated,lfr
 requests:
@ -43,3 +47,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05
--- a/vulnerabilities/wordpress/mthemeunus-lfi.yaml
+++ b/vulnerabilities/wordpress/mthemeunus-lfi.yaml
@ -1,13 +1,17 @@
 id: mthemeunus-lfi
 info:
-  name: mTheme-Unus Theme - Local File Inclusion (LFI)
+  name: WordPress mTheme-Unus Theme - Local File Inclusion
  author: dhiyaneshDk
  severity: high
-  description: The mTheme-Unus WordPress Theme was affected by a css.php Local File Inclusion security vulnerability.
+  description: WordPress mTheme-Unus Theme is vulnerable to local file inclusion via css.php.
  reference:
    - https://wpscan.com/vulnerability/bc036ee3-9648-49db-ae52-3a58fdeb82eb
    - https://packetstormsecurity.com/files/133778/
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  tags: wordpress,wp-theme,lfi,wordpress,mtheme
 requests:
@ -27,3 +31,5 @@ requests:
      - type: status
        status:
          - 200
 # Enhanced by mp on 2022/08/05