daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2020-8497.yaml

patch-1
Prince Chaddha 2021-12-06 10:39:43 +05:30 committed by GitHub
parent b76c1d20f3
commit c92010033b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cves/2020/CVE-2020-8497.yaml
View File

@ -5,13 +5,15 @@ info:
author: gy741
severity: medium
description: In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps.
reference: https://k4m1ll0.com/cve-2020-8497.html
tags: cve,cve2020,fms
reference:
- https://k4m1ll0.com/cve-2020-8497.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-8497
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 5.30
cve-id: CVE-2020-8497
cwe-id: CWE-306
tags: cve,cve2020,fms
requests:
- method: GET
@ -21,12 +23,12 @@ requests:
matchers-condition: and
matchers:
- type: word
words:
- "type"
- "id_user"
- "user_name"
- "text"
part: body
words:
- '"type"'
- '"id_user"'
- '"user_name"'
- '"text"'
condition: and
- type: status