chore: generate CVEs metadata 🤖

patch-11
ghost 2024-09-19 04:03:36 +00:00
parent cf91d7edeb
commit f92eff32de
2 changed files with 2 additions and 1 deletions


@ -2382,6 +2382,7 @@
{"ID":"CVE-2023-6063","Info":{"Name":"WP Fastest Cache 1.2.2 - SQL Injection","Severity":"high","Description":"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6063.yaml"}
{"ID":"CVE-2023-6065","Info":{"Name":"Quttera Web Malware Scanner \u003c= 3.4.1.48 - Sensitive Data Exposure","Severity":"medium","Description":"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-6065.yaml"}
{"ID":"CVE-2023-6114","Info":{"Name":"Duplicator \u003c 1.5.7.1; Duplicator Pro \u003c 4.5.14.2 - Unauthenticated Sensitive Data Exposure","Severity":"high","Description":"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6114.yaml"}
{"ID":"CVE-2023-6275","Info":{"Name":"TOTVS Fluig Platform - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6275.yaml"}
{"ID":"CVE-2023-6329","Info":{"Name":"Control iD iDSecure - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a \"passwordCustom\" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6329.yaml"}
{"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"critical","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"}
{"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"}


@ -1 +1 @@
a6aeb8a271ef5977b8e75e41e1c5394b
8658e0ae60111e9b8cc0c547a092c6ce