Dashboard Content Enhancements (#4665)
* Enhancement: cves/2021/CVE-2021-24750.yaml by mp
* Enhancement: cves/2021/CVE-2021-24340.yaml by mp
* Enhancement: cves/2021/CVE-2021-24278.yaml by mp
* Enhancement: cves/2021/CVE-2021-24226.yaml by mp
* Enhancement: cves/2021/CVE-2021-24146.yaml by mp
* Remove link to opencve.io in favor of NVD
* Minor cleanups and added cve-id to CVE-2022-1904.yaml

Co-authored-by: sullo <sullo@cirt.net>
patch-1
parent
1a219d975a
commit
c80fea4a8c
|
@ -1,13 +1,14 @@
|
|||
id: CVE-2021-24146
|
||||
|
||||
info:
|
||||
name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
|
||||
name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
|
||||
author: random_robbie
|
||||
severity: high
|
||||
description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
|
||||
description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
|
||||
- http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24146
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
||||
cvss-score: 7.5
|
||||
|
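Review bot: The rewritten description still reads "allowing unauthenticated users to exports all events data"; "exports" should be "export". The new title also calls this a sensitive information disclosure while the unchanged cvss-metrics line carries C:N/I:H, so it is worth confirming the vector against the NVD entry referenced in this block while the metadata is being touched.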
@ -32,3 +33,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/22
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
id: CVE-2021-24226
|
||||
|
||||
info:
|
||||
name: AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
|
||||
name: AccessAlly <3.5.7 - Sensitive Information Leakage
|
||||
author: dhiyaneshDK
|
||||
severity: high
|
||||
description: In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which
|
||||
contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
|
||||
description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24226
|
||||
|
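Review bot: The merged description keeps \"resource/frontend/product/product-shortcode.php\" with backslash-escaped quotes, but the value is an unquoted YAML scalar, where a backslash is not an escape character, so the backslashes will appear literally in the rendered description. Drop the backslashes, or wrap the whole value in double quotes so the escapes are actually processed.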
@ -32,3 +31,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/22
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
id: CVE-2021-24278
|
||||
|
||||
info:
|
||||
name: Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
|
||||
name: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
|
||||
author: 2rs3c
|
||||
severity: high
|
||||
description: In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
|
||||
description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
|
||||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24278
|
||||
- https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
|
||||
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24278
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
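Review bot: The new name and description drop "Redirection for" and now attribute the issue to "WordPress Contact Form 7", but the replaced lines and the Wordfence reference URL both name the Redirection for Contact Form 7 plugin, which the old description gives as the source of the wpcf7r_get_nonce action. Suggest "WordPress Redirection for Contact Form 7 <2.3.4 - Arbitrary Nonce Generation" and the same product name in the description, so the template does not point readers at the wrong plugin and version range.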
@ -44,3 +44,5 @@ requests:
|
|||
part: body
|
||||
regex:
|
||||
- '"nonce":"[a-f0-9]+"'
|
||||
|
||||
# Enhanced by mp on 2022/06/22
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
id: CVE-2021-24340
|
||||
|
||||
info:
|
||||
name: WordPress Plugin WP Statistics < 13.0.8 - Unauthenticated Time-Based Blind SQL Injection
|
||||
name: WordPress Statistics <13.0.8 - Blind SQL Injection
|
||||
author: lotusdll
|
||||
severity: high
|
||||
description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability.
|
||||
description: WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/49894
|
||||
- https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
|
||||
- https://github.com/Udyz/WP-Statistics-BlindSQL
|
||||
- https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24340
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
|
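Review bot: The new name "WordPress Statistics <13.0.8" and the description's "WordPress Statistic plugin" no longer match the product, which the replaced name and the Wordfence and GitHub reference URLs call WP Statistics. Keep the plugin name intact, for example "WordPress WP Statistics <13.0.8 - Blind SQL Injection", and fix the singular "Statistic" in the description.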
@ -49,3 +50,5 @@ requests:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- compare_versions(version, '< 13.0.8')
|
||||
|
||||
# Enhanced by mp on 2022/06/22
|
||||
|
|
|
@ -1,15 +1,15 @@
|
|||
id: CVE-2021-24750
|
||||
|
||||
info:
|
||||
name: WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 SQLI
|
||||
name: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
|
||||
author: cckuakilong
|
||||
severity: high
|
||||
description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
|
||||
description: WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.
|
||||
reference:
|
||||
- https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24750
|
||||
- https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de
|
||||
- https://plugins.trac.wordpress.org/changeset/2622268
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24750
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
|
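Review bot: The new name ends in "<4.8 -SQL Injection", missing the space after the hyphen that the other renamed titles in this commit use as a " - " separator. It should read "<4.8 - SQL Injection".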
@ -43,3 +43,5 @@ requests:
|
|||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/22
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
id: CVE-2021-3017
|
||||
|
||||
info:
|
||||
name: Intelbras WIN 300/WRN 342 Credential Disclosure
|
||||
name: Intelbras WIN 300/WRN 342 - Credentials Disclosure
|
||||
author: pikpikcu
|
||||
severity: high
|
||||
description: Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
|
||||
|
|
|
@ -4,12 +4,11 @@ info:
|
|||
name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect
|
||||
author: 0x_Akoko
|
||||
severity: medium
|
||||
description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
|
||||
description: DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.
|
||||
reference:
|
||||
- https://www.opencve.io/cve/CVE-2021-46379
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-46379
|
||||
- https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view
|
||||
- https://www.cvedetails.com/cve/CVE-2021-46379
|
||||
- https://www.dlink.com/en/security-bulletin/
|
||||
- https://www.dlink.com/en/security-bulletin
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
|
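Review bot: The new description reads "contains incorrect access control vulnerability in URL redirection", which is missing an article; it should be "contains an incorrect access control vulnerability". Since the title calls this an open redirect, saying so in the description as well would keep the two in agreement.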
@ -29,3 +28,5 @@ requests:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
|
||||
|
||||
# Enhanced by cs 06/22/2022
|
||||
|
|
|
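Review bot: The trailer added here, "# Enhanced by cs 06/22/2022", uses a different date format and wording than the "# Enhanced by mp on 2022/06/22" trailer added to the other templates in this commit. Pick one form (the year-first date is unambiguous and sorts correctly) and use it throughout.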
@ -4,7 +4,10 @@ info:
|
|||
name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
|
||||
author: Akincibor
|
||||
severity: medium
|
||||
description: The plugin does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting.
|
||||
description: |
|
||||
The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting.
|
||||
classification:
|
||||
cve-id: CVE-2022-1904
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904
|
||||
|
|
|
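Review bot: The rewritten description still opens with "The plugin" and says "escape parameter" without naming either, while the other descriptions in this commit were rewritten to lead with the product name; name Easy Pricing Tables and the version from the title here too. The new classification block is also placed before reference, whereas the other templates touched in this commit list reference first.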
@ -1,7 +1,7 @@
|
|||
id: CVE-2022-26148
|
||||
|
||||
info:
|
||||
name: Grafana & Zabbix Integration - Credential Disclosure
|
||||
name: Grafana & Zabbix Integration - Credentials Disclosure
|
||||
author: Geekby
|
||||
severity: critical
|
||||
description: |
|
||||
|
|