Enhancement: cves/2022/CVE-2022-25369.yaml by cs

patch-1
MostInterestingBotInTheWorld 2022-02-28 14:31:36 -05:00
parent 420a995b14
commit c4a91ea72f
1 changed files with 13 additions and 2 deletions


@ -4,10 +4,19 @@ info:
name: Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin addition
author: pdteam
severity: critical
reference: https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
description: Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.
remediation: Upgrade to one of the fixed versions or higher: Dynamicweb 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9, 9.10.18, 9.12.8, or 9.13.0+.
reference:
- https://blog.assetnote.io/2022/02/20/logicflaw-dynamicweb-rce/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25369
metadata:
shodan-query: http.component:"Dynamicweb"
tags: cve,cve2022,dynamicweb,rce,unauth
classification:
cve-id: CVE-2022-25369
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-425
requests:
- method: GET
@ -33,4 +42,6 @@ requests:
- type: status
status:
- 200
- 200
# Enhanced by cs on 2022/02/28
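Review bot: The `remediation` value in the `info` block is an unquoted plain scalar that contains `: ` (at `or higher: Dynamicweb 9.5.9`), which YAML reads as a mapping indicator, so a strict parser will most likely reject the template rather than load it. Quoting the value fixes it: `remediation: 'Upgrade to one of the fixed versions or higher: Dynamicweb 9.5.9, 9.6.16, 9.7.8, 9.8.11, 9.9, 9.10.18, 9.12.8, or 9.13.0+.'`. The page has lost its +/- markers, so this assumes the line is on the new side. The same applies to the two `reference` keys, where the single-line form is presumably the removed one; if both survived, the duplicate key would silently resolve to the last value. The matchers block starts outside the second hunk, so it cannot be confirmed from here whether the `status: 200` check is paired with a body or header matcher to limit false positives.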