Dashboard Content Enhancements (#4665)

* Enhancement: cves/2021/CVE-2021-24750.yaml by mp

* Enhancement: cves/2021/CVE-2021-24340.yaml by mp

* Enhancement: cves/2021/CVE-2021-24278.yaml by mp

* Enhancement: cves/2021/CVE-2021-24226.yaml by mp

* Enhancement: cves/2021/CVE-2021-24146.yaml by mp

* Remove link to opencve.io in favor of NVD

* Minor cleanups and added cve-id to CVE-2022-1904.yaml

Co-authored-by: sullo <sullo@cirt.net>
patch-1
MostInterestingBotInTheWorld 2022-06-25 03:14:58 -04:00 committed by GitHub
parent 1a219d975a
commit c80fea4a8c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 36 additions and 21 deletions

@ -1,13 +1,14 @@
id: CVE-2021-24146
info:
name: Modern Events Calendar Lite < 5.16.5 - Unauthenticated Events Export
name: WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
author: random_robbie
severity: high
description: Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.
description: WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format.
reference:
- https://wpscan.com/vulnerability/c7b1ebd6-3050-4725-9c87-0ea525f8fecc
- http://packetstormsecurity.com/files/163345/WordPress-Modern-Events-Calendar-5.16.2-Information-Disclosure.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-24146
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cvss-score: 7.5
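
Review bot: the new name "Sensitive Information Disclosure" does not agree with the classification kept as context just below it, where cvss-metrics ends in C:N/I:H/A:N (no confidentiality impact, high integrity impact). Check the vector against the NVD entry this hunk adds to the references and align the name or the vector. The rewritten description also carries over "to exports all events data", which should read "to export all events data".
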
@ -32,3 +33,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/22

@ -1,11 +1,10 @@
id: CVE-2021-24226
info:
name: AccessAlly < 3.5.7 - $_SERVER Superglobal Leakage
name: AccessAlly <3.5.7 - Sensitive Information Leakage
author: dhiyaneshDK
severity: high
description: In the AccessAlly WordPress plugin before 3.5.7, the file \"resource/frontend/product/product-shortcode.php\" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which
contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, no login or administrator role is required.
description: WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \"resource/frontend/product/product-shortcode.php\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.
reference:
- https://wpscan.com/vulnerability/8e3e89fd-e380-4108-be23-00e87fbaad16
- https://nvd.nist.gov/vuln/detail/CVE-2021-24226
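
Review bot: the new name "AccessAlly <3.5.7 - Sensitive Information Leakage" lacks the "WordPress" prefix that the other renamed templates in this commit receive (for example "WordPress Modern Events Calendar Lite <5.16.5"), although the new description opens with "WordPress AccessAlly plugin". Suggest "WordPress AccessAlly <3.5.7 - Sensitive Information Leakage" for consistency. The new name also drops the "$_SERVER" detail, which was the most searchable part of the old title; the description still covers it, so this is only a note.
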
@ -32,3 +31,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/22

@ -1,14 +1,14 @@
id: CVE-2021-24278
info:
name: Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
name: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
author: 2rs3c
severity: high
description: In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
description: WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24278
- https://wpscan.com/vulnerability/99f30604-d62b-4e30-afcd-b482f8d66413
- https://www.wordfence.com/blog/2021/04/severe-vulnerabilities-patched-in-redirection-for-contact-form-7-plugin/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24278
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
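
Review bot: the new name and description identify the product as "WordPress Contact Form 7", but the lines they replace, the wpcf7r_get_nonce action and the Wordfence reference URL all name "Redirection for Contact Form 7", which is a separate plugin from Contact Form 7. As written, the template would be reported on dashboards against the wrong product and version line. Suggest "WordPress Redirection for Contact Form 7 <2.3.4 - Arbitrary Nonce Generation" and the same product name in the description.
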
@ -44,3 +44,5 @@ requests:
part: body
regex:
- '"nonce":"[a-f0-9]+"'
# Enhanced by mp on 2022/06/22

@ -1,15 +1,16 @@
id: CVE-2021-24340
info:
name: WordPress Plugin WP Statistics < 13.0.8 - Unauthenticated Time-Based Blind SQL Injection
name: WordPress Statistics <13.0.8 - Blind SQL Injection
author: lotusdll
severity: high
description: The WP Statistic WordPress plugin was affected by an Unauthenticated Time-Based Blind SQL Injection security vulnerability.
description: WordPress Statistic plugin versions prior to version 13.0.8 are affected by an unauthenticated time-based blind SQL injection vulnerability.
reference:
- https://www.exploit-db.com/exploits/49894
- https://www.wordfence.com/blog/2021/05/over-600000-sites-impacted-by-wp-statistics-patch/
- https://github.com/Udyz/WP-Statistics-BlindSQL
- https://wpscan.com/vulnerability/d2970cfb-0aa9-4516-9a4b-32971f41a19c
- https://nvd.nist.gov/vuln/detail/CVE-2021-24340
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
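
Review bot: the name changes the product from "WP Statistics" to "WordPress Statistics", and the description says "WordPress Statistic plugin"; neither matches the plugin name used in the old title or in the reference URLs (wp-statistics). Suggest keeping the product name, for example "WordPress WP Statistics <13.0.8 - Blind SQL Injection", and fixing "Statistic" in the description. "versions prior to version 13.0.8" can be shortened to "before 13.0.8", as the other descriptions in this commit do.
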
@ -49,3 +50,5 @@ requests:
- type: dsl
dsl:
- compare_versions(version, '< 13.0.8')
# Enhanced by mp on 2022/06/22

@ -1,15 +1,15 @@
id: CVE-2021-24750
info:
name: WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 SQLI
name: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection
author: cckuakilong
severity: high
description: The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 4.8 does not properly sanitise and escape the refUrl in the refDetails AJAX action, available to any authenticated user, which could allow users with a role as low as subscriber to perform SQL injection attacks.
description: WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.
reference:
- https://github.com/fimtow/CVE-2021-24750/blob/master/exploit.py
- https://nvd.nist.gov/vuln/detail/CVE-2021-24750
- https://wpscan.com/vulnerability/7528aded-b8c9-4833-89d6-9cd7df3620de
- https://plugins.trac.wordpress.org/changeset/2622268
- https://nvd.nist.gov/vuln/detail/CVE-2021-24750
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
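
Review bot: the new name has a spacing typo, "<4.8 -SQL Injection", where the separator used by every other name in this commit is " - ". Suggest "WordPress Visitor Statistics (Real Time Traffic) <4.8 - SQL Injection". Since the description states the refDetails action is available to any authenticated user and the vector is PR:L, it may also be worth keeping "Authenticated" in the name so the prerequisite is visible in result lists.
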
@ -43,3 +43,5 @@ requests:
- type: status
status:
- 200
# Enhanced by mp on 2022/06/22

@ -1,7 +1,7 @@
id: CVE-2021-3017
info:
name: Intelbras WIN 300/WRN 342 Credential Disclosure
name: Intelbras WIN 300/WRN 342 - Credentials Disclosure
author: pikpikcu
severity: high
description: Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.

@ -4,12 +4,11 @@ info:
name: D-Link DIR850 ET850-1.08TRb03 - Open Redirect
author: 0x_Akoko
severity: medium
description: DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
description: DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.
reference:
- https://www.opencve.io/cve/CVE-2021-46379
- https://nvd.nist.gov/vuln/detail/CVE-2021-46379
- https://drive.google.com/file/d/1rrlwnIxSHEoO4SMAHRPKZSRzK5MwZQRf/view
- https://www.cvedetails.com/cve/CVE-2021-46379
- https://www.dlink.com/en/security-bulletin/
- https://www.dlink.com/en/security-bulletin
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
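
Review bot: the rewritten description is missing an article in "contains incorrect access control vulnerability in URL redirection"; it should read "contains an incorrect access control vulnerability". The name calls this an open redirect while the description still leads with "incorrect access control", so stating the open redirect directly in the description would match the name and the Location-header matcher further down. The two dlink.com security-bulletin lines differ only in the trailing slash, so confirm that change is intended.
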
@ -29,3 +28,5 @@ requests:
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# Enhanced by cs 06/22/2022
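
Review bot: the trailer added here, "# Enhanced by cs 06/22/2022", uses a different form and date order from the one added to the other templates in this commit, "# Enhanced by mp on 2022/06/22". Pick one format (the year-first date is unambiguous) so the trailers can be searched consistently.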

@ -4,7 +4,10 @@ info:
name: Easy Pricing Tables < 3.2.1 - Reflected Cross-Site-Scripting
author: Akincibor
severity: medium
description: The plugin does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting.
description: |
The plugin does not sanitize and escape parameter before reflecting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a reflected cross-site scripting.
classification:
cve-id: CVE-2022-1904
reference:
- https://wpscan.com/vulnerability/92215d07-d129-49b4-a838-0de1a944c06b
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1904
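
Review bot: the added classification block sits between description and reference and carries only cve-id, whereas the other templates in this commit place classification after reference and include cvss-metrics and cvss-score. Suggest moving the block below reference and filling in the scoring fields if they are published. The name line is left as "< 3.2.1 - Reflected Cross-Site-Scripting", which does not follow the "<version" spacing applied elsewhere in this commit, and the new description still reads "sanitize and escape parameter" without an article.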

@ -1,7 +1,7 @@
id: CVE-2022-26148
info:
name: Grafana & Zabbix Integration - Credential Disclosure
name: Grafana & Zabbix Integration - Credentials Disclosure
author: Geekby
severity: critical
description: |