Commit Graph

14 Commits (a2d86a86a35324fe70f5b7d077d3d165d5b8521b)

Author SHA1 Message Date
Sandeep Singh 92c2c47450
Updated "cisa" tags to "kev" + added tags to new applicable templates (#4871) 2022-07-21 22:48:22 +05:30
Yuzhe-Zhang-0 9d8806582d
added cisa tags to appropriate templates (#4523) 2022-06-02 03:01:44 +05:30
Sandeep Singh b59ff42aaf
additional reference to cves templates (#4395)
* additional reference to cves templates

* Update CVE-2006-1681.yaml

* Update CVE-2009-3318.yaml

* Update CVE-2009-4223.yaml

* Update CVE-2010-0942.yaml

* Update CVE-2010-0944.yaml

* Update CVE-2010-0972.yaml

* Update CVE-2010-1304.yaml

* Update CVE-2010-1308.yaml

* Update CVE-2010-1313.yaml

* Update CVE-2010-1461.yaml

* Update CVE-2010-1470.yaml

* Update CVE-2010-1471.yaml

* Update CVE-2010-1472.yaml

* Update CVE-2010-1474.yaml

* removed duplicate references

* misc fix

Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com>
2022-05-17 14:48:12 +05:30
forgedhallpass 209538baa6 refactor: Description field uniformization
* info field reorder
* reference values refactored to list
* added new lines after the id and before the protocols
* removed extra new lines
* split really long descriptions to multiple lines (part 1)
* other minor fixes
2022-04-22 13:38:41 +03:00
MostInterestingBotInTheWorld 13bfc8ff57
Dashboard Content Enhancements (#3998)
* Enhancement: dns/ec2-detection.yaml by mp

* Add CVSS/CWE

* Trailing space

* Linting error on comment indentation

* Typo

* Enhancement: dns/elasticbeantalk-takeover.yaml by mp

* Enhancement: cves/2020/CVE-2020-23517.yaml by mp

* Enhancement: dns/elasticbeantalk-takeover.yaml by mp

* Enhancement: dns/mx-fingerprint.yaml by mp

* Enhancement: dns/mx-service-detector.yaml by mp

* Enhancement: dns/nameserver-fingerprint.yaml by mp

* Enhancement: dns/ptr-fingerprint.yaml by mp

* Enhancement: dns/servfail-refused-hosts.yaml by mp

* Enhancement: dns/spoofable-spf-records-ptr.yaml by mp

* Enhancement: dns/txt-fingerprint.yaml by mp

* Enhancement: dns/worksites-detection.yaml by mp

* Enhancement: exposed-panels/3g-wireless-gateway.yaml by mp

* Enhancement: exposed-panels/acemanager-login.yaml by mp

* Enhancement: exposed-panels/acrolinx-dashboard.yaml by mp

* Enhancement: dns/mx-fingerprint.yaml by mp

* Enhancement: dns/mx-service-detector.yaml by mp

* Enhancement: dns/ptr-fingerprint.yaml by mp

* Enhancement: dns/servfail-refused-hosts.yaml by mp

* Enhancement: dns/spoofable-spf-records-ptr.yaml by mp

* Enhancement: cves/2021/CVE-2021-39501.yaml by mp

* Enhancement: cves/2021/CVE-2021-40323.yaml by mp

* Enhancement: cves/2021/CVE-2021-40539.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: cves/2021/CVE-2021-40856.yaml by mp

* Enhancement: cves/2021/CVE-2021-40859.yaml by mp

* Enhancement: cves/2021/CVE-2021-40323.yaml by mp

* Enhancement: cves/2021/CVE-2021-40539.yaml by mp

* Enhancement: cves/2010/CVE-2010-1875.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/akamai-cloudtest.yaml by mp

* Enhancement: exposed-panels/alfresco-detect.yaml by mp

* Enhancement: exposed-panels/alienvault-usm.yaml by mp

* Enhancement: exposed-panels/ambari-exposure.yaml by mp

* Enhancement: exposed-panels/amcrest-login.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: exposed-panels/alienvault-usm.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/ambari-exposure.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-17369.yaml by mp

* Enhancement: exposed-panels/apache/public-tomcat-manager.yaml by mp

* Enhancement: exposed-panels/apache/apache-apisix-panel.yaml by mp

* Enhancement: exposed-panels/ansible-tower-exposure.yaml by mp

* Enhancement: exposed-panels/ampps-panel.yaml by mp

* Enhancement: exposed-panels/ampps-admin-panel.yaml by mp

* Enhancement: exposed-panels/ametys-admin-login.yaml by mp

* Enhancement: cves/2010/CVE-2010-1878.yaml by mp

* Fix encoded chars

* trailing space

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15822.yaml by mp

* Enhancement: exposed-panels/apache/tomcat-pathnormalization.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: misconfiguration/horde-unauthenticated.yaml by mp

* Enhancement: cves/2021/CVE-2021-40542.yaml by mp

* Enhancement: exposed-panels/apiman-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1873.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-panel.yaml by mp

* Enhancement: exposed-panels/arcgis/arcgis-rest-api.yaml by mp

* Enhancement: exposed-panels/argocd-login.yaml by mp

* Enhancement: exposed-panels/atlassian-crowd-panel.yaml by mp

* Enhancement: exposed-panels/atvise-login.yaml by mp

* Enhancement: exposed-panels/avantfax-panel.yaml by mp

* Enhancement: exposed-panels/avatier-password-management.yaml by mp

* Enhancement: exposed-panels/axigen-webadmin.yaml by mp

* Enhancement: exposed-panels/axigen-webmail.yaml by mp

* Enhancement: exposed-panels/azkaban-web-client.yaml by mp

* Enhancement: exposed-panels/acunetix-panel.yaml by mp

* Enhancement: exposed-panels/adiscon-loganalyzer.yaml by mp

* Enhancement: exposed-panels/adminer-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1870.yaml by mp

* Enhancement: exposed-panels/adminset-panel.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-component-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-connect-central-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-experience-manager-login.yaml by mp

* Enhancement: exposed-panels/adobe/adobe-media-server.yaml by mp

* Enhancement: exposed-panels/advance-setup.yaml by mp

* Enhancement: exposed-panels/aerohive-netconfig-ui.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-mgmt-client.yaml by mp

* Enhancement: exposed-panels/aims-password-portal.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* Enhancement: exposed-panels/airflow-panel.yaml by mp

* spacing issues

* Spacing

* HTML codes improperly interpreted
Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Relocate horde-unauthenticated.yaml to CVE-2005-3344.yaml

* Enhancement: technologies/waf-detect.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-wpcourses-info-disclosure.yaml by mp

* Enhancement: network/sap-router-info-leak.yaml by mp

* Enhancement: network/exposed-adb.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/vmware/vrealize-operations-log4j-rce.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-woocommerce-sqli.yaml by mp

* Enhancement: exposures/tokens/digitalocean/tugboat-config-exposure.yaml by mp

* Enhancement: exposed-panels/concrete5/concrete5-install.yaml by mp

* Enhancement: vulnerabilities/wordpress/wordpress-infinitewp-auth-bypass.yaml by mp

* indentation issue

* Character encoding issue fix

* Enhancement: default-logins/alibaba/canal-default-login.yaml by mp

* Enhancement: default-logins/alphaweb/alphaweb-default-login.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Enhancement: default-logins/apache/airflow-default-login.yaml by mp

* Enhancement: default-logins/apache/apisix-default-login.yaml by mp

* Enhancement: default-logins/apollo/apollo-default-login.yaml by mp

* Enhancement: default-logins/arl/arl-default-login.yaml by mp

* Enhancement: default-logins/digitalrebar/digitalrebar-default-login.yaml by mp

* Enhancement: default-logins/mantisbt/mantisbt-default-credential.yaml by mp

* Enhancement: default-logins/stackstorm/stackstorm-default-login.yaml by mp

* Enhancement: dns/caa-fingerprint.yaml by mp

* Enhancement: exposed-panels/active-admin-exposure.yaml by mp

* Enhancement: exposed-panels/activemq-panel.yaml by mp

* Enhancement: default-logins/ambari/ambari-default-login.yaml by mp

* Restore & stomped by dashboard

* Enhancement: cves/2010/CVE-2010-1653.yaml by mp

* Enhancement: cves/2021/CVE-2021-38751.yaml by mp

* Enhancement: cves/2021/CVE-2021-39320.yaml by mp

* Enhancement: cves/2021/CVE-2021-39322.yaml by mp

* Enhancement: cves/2021/CVE-2021-39327.yaml by mp

* Enhancement: cves/2021/CVE-2021-39350.yaml by mp

* Enhancement: cves/2021/CVE-2021-39433.yaml by mp

* Enhancement: cves/2021/CVE-2021-41192.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-15824.yaml by mp

* Enhancement: exposed-panels/ansible-semaphore-panel.yaml by mp

* Enhancement: exposed-panels/aviatrix-panel.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Enhancement: exposed-panels/blue-iris-login.yaml by mp

* Enhancement: exposed-panels/bigbluebutton-login.yaml by mp

* Enhancement: cves/2022/CVE-2022-24288.yaml by mp

* Enhancement: cves/2022/CVE-2022-24990.yaml by mp

* Enhancement: cves/2022/CVE-2022-26159.yaml by mp

* Enhancement: default-logins/aem/aem-default-login.yaml by mp

* Spacing issues
Add cve-id field

* fix & stomping

* Enhancement: cves/2016/CVE-2016-1000141.yaml by mp

* Enhancement: cves/2020/CVE-2020-24912.yaml by mp

* Enhancement: cves/2021/CVE-2021-35265.yaml by mp

* Enhancement: cves/2022/CVE-2022-0437.yaml by mp

* Enhancement: cves/2010/CVE-2010-1601.yaml by mp

* Enhancement: technologies/teradici-pcoip.yaml by mp

* Enhancement: vulnerabilities/other/unauth-hoteldruid-panel.yaml by mp

* Enhancement: cves/2010/CVE-2010-1475.yaml by mp

* Enhancement: cves/2010/CVE-2010-1535.yaml by mp

* Enhancement: exposed-panels/epson-web-control-detect.yaml by mp

* Enhancement: exposed-panels/epson-access-detect.yaml by mp

* Enhancement: cves/2020/CVE-2020-29453.yaml by mp

* Fix spacing

* Remove empty cve lines and relocate tags

* Remove blank cve lines & move tags

* Fix merge errors

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-2551.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-21224.yaml by mp

* Enhancement: cves/2020/CVE-2020-24148.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24186.yaml by mp

* Enhancement: cves/2020/CVE-2020-24391.yaml by mp

* Enhancement: cves/2020/CVE-2020-24589.yaml by mp

* Enhancement: cves/2020/CVE-2020-25213.yaml by mp

* Enhancement: cves/2020/CVE-2020-25223.yaml by mp

* Enhancement: cves/2020/CVE-2020-25506.yaml by mp

* Enhancement: cves/2020/CVE-2020-28871.yaml by mp

* Enhancement: cves/2020/CVE-2020-28188.yaml by mp

* Enhancement: cves/2020/CVE-2020-26948.yaml by mp

* Enhancement: cves/2020/CVE-2020-26919.yaml by mp

* Enhancement: cves/2020/CVE-2020-26214.yaml by mp

* Syntax cleanup

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Syntax and a title change

* Enhancement: cves/2021/CVE-2021-38702.yaml by mp

* Fix references

* Enhancement: cves/2021/CVE-2021-38704.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-44529.yaml by mp

* Conflicts resolved

* Fix quoting

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cves/2022/CVE-2022-23779.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/cobbler/hue-default-credential.yaml by mp

* Enhancement: default-logins/emqx/emqx-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Enhancement: cves/2021/CVE-2021-38647.yaml by mp

* Enhancement: cves/2021/CVE-2021-41691.yaml by mp

* Enhancement: cves/2021/CVE-2021-45967.yaml by mp

* Enhancement: cves/2022/CVE-2022-0189.yaml by mp

* Enhancement: cnvd/2021/CNVD-2021-14536.yaml by mp

* Enhancement: default-logins/apache/dolphinscheduler-default-login.yaml by mp

* Enhancement: default-logins/geoserver/geoserver-default-login.yaml by mp

* Update CVE-2020-25223.yaml

* Update CVE-2020-26214.yaml

* Update CVE-2020-25506.yaml

* Update CVE-2020-2551.yaml

* Update CVE-2020-26919.yaml

* Update CVE-2021-44529.yaml

* Update CVE-2020-28871.yaml

* Update CVE-2020-28188.yaml

* Update CVE-2021-45967.yaml

* Update hue-default-credential.yaml

* Update CVE-2021-44529.yaml

* misc syntax update

Co-authored-by: sullo <sullo@cirt.net>
Co-authored-by: Prince Chaddha <prince@projectdiscovery.io>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-03-29 16:03:49 +05:30
MostInterestingBotInTheWorld 9b82c296e1
Dashboard Enhancements (#3722)
* Enhancement: cves/2021/CVE-2021-1497.yaml by cs

* Enhancement: cves/2010/CVE-2010-1957.yaml by mp

* Enhancement: cves/2010/CVE-2010-1977.yaml by mp

* Enhancement: cves/2010/CVE-2010-1979.yaml by mp

* Enhancement: cves/2010/CVE-2010-1980.yaml by mp

* Enhancement: cves/2010/CVE-2010-1981.yaml by mp

* Enhancement: cves/2010/CVE-2010-1982.yaml by mp

* Enhancement: cves/2010/CVE-2010-1983.yaml by mp

* Enhancement: cves/2010/CVE-2010-2033.yaml by mp

* Enhancement: cves/2010/CVE-2010-2034.yaml by mp

* Enhancement: cves/2010/CVE-2010-2035.yaml by mp

* Enhancement: cves/2010/CVE-2010-2036.yaml by mp

* Enhancement: cves/2010/CVE-2010-2037.yaml by mp

* Enhancement: cves/2010/CVE-2010-2045.yaml by mp

* Enhancement: cves/2010/CVE-2010-2050.yaml by mp

* Enhancement: cves/2010/CVE-2010-2122.yaml by mp

* Enhancement: cves/2010/CVE-2010-1980.yaml by mp

* Enhancement: cves/2010/CVE-2010-1981.yaml by mp

* Enhancement: cves/2010/CVE-2010-1982.yaml by mp

* Enhancement: cves/2010/CVE-2010-2035.yaml by mp

* Enhancement: cves/2010/CVE-2010-2128.yaml by mp

* Enhancement: cves/2010/CVE-2010-2259.yaml by mp

* Enhancement: cves/2010/CVE-2010-2307.yaml by mp

* Enhancement: cves/2010/CVE-2010-2507.yaml by mp

* Enhancement: cves/2010/CVE-2010-2680.yaml by mp

* Enhancement: cves/2010/CVE-2010-2682.yaml by mp

* Enhancement: cves/2010/CVE-2010-2857.yaml by mp

* Enhancement: cves/2010/CVE-2010-2861.yaml by mp

* Enhancement: cves/2010/CVE-2010-2918.yaml by mp

* Enhancement: cves/2010/CVE-2010-2920.yaml by mp

* Enhancement: cves/2010/CVE-2010-3203.yaml by mp

* Enhancement: cves/2010/CVE-2010-3426.yaml by mp

* Enhancement: cves/2010/CVE-2010-4617.yaml by mp

* Enhancement: cves/2010/CVE-2010-4231.yaml by mp

* Enhancement: cves/2010/CVE-2010-4282.yaml by mp

* Enhancement: cves/2010/CVE-2010-4282.yaml by mp

* Enhancement: cves/2010/CVE-2010-4617.yaml by mp

* Enhancement: cves/2010/CVE-2010-4719.yaml by mp

* Enhancement: cves/2010/CVE-2010-4769.yaml by mp

* Enhancement: cves/2010/CVE-2010-4977.yaml by mp

* Enhancement: cves/2010/CVE-2010-5028.yaml by mp

* Enhancement: cves/2010/CVE-2010-5278.yaml by mp

* Enhancement: cves/2010/CVE-2010-5286.yaml by mp

* Enhancement: cves/2011/CVE-2011-0049.yaml by mp

* Enhancement: cves/2011/CVE-2011-1669.yaml by mp

* Enhancement: cves/2011/CVE-2011-2744.yaml by mp

* Enhancement: cves/2000/CVE-2000-0114.yaml by mp

* Enhancement: cves/2011/CVE-2011-3315.yaml by mp

* Enhancement: cves/2011/CVE-2011-4336.yaml by mp

* Enhancement: cves/2011/CVE-2011-4618.yaml by mp

* Enhancement: cves/2011/CVE-2011-4624.yaml by mp

* Enhancement: cves/2011/CVE-2011-4804.yaml by mp

* Enhancement: cves/2011/CVE-2011-0049.yaml by mp

* Enhancement: cves/2011/CVE-2011-2780.yaml by mp

* Enhancement: cves/2011/CVE-2011-2780.yaml by mp

* Enhancement: cves/2012/CVE-2012-1823.yaml by mp

* Enhancement: cves/2012/CVE-2012-0392.yaml by mp

* Enhancement: cves/2012/CVE-2012-1226.yaml by mp

* Enhancement: cves/2012/CVE-2012-0996.yaml by mp

* Enhancement: cves/2021/CVE-2021-39226.yaml by cs

* Enhancement: cves/2021/CVE-2021-27358.yaml by cs

* Enhancement: cves/2021/CVE-2021-43798.yaml by cs

* Enhancement: cves/2021/CVE-2021-43798.yaml by cs

* Enhancement: cves/2021/CVE-2021-43798.yaml by cs

* Enhancement: cves/2012/CVE-2012-1835.yaml by mp

* Enhancement: cves/2012/CVE-2012-0901.yaml by mp

* Enhancement: cves/2011/CVE-2011-5265.yaml by mp

* Enhancement: cves/2011/CVE-2011-5181.yaml by mp

* Enhancement: cves/2011/CVE-2011-5179.yaml by mp

* Enhancement: cves/2011/CVE-2011-5107.yaml by mp

* Enhancement: cves/2011/CVE-2011-5106.yaml by mp

* Enhancement: cves/2011/CVE-2011-4926.yaml by mp

* Enhancement: cves/2012/CVE-2012-0991.yaml by mp

* Enhancement: cves/2012/CVE-2012-0981.yaml by mp

* Enhancement: cves/2012/CVE-2012-0896.yaml by mp

* Enhancement: cves/2012/CVE-2012-0392.yaml by mp

* Enhancement: cves/2012/CVE-2012-0392.yaml by mp
Fix "too few spaces before comment" lint errors
Co-authored-by: sullo <sullo@cirt.net>
2022-02-21 13:33:16 -05:00
sandeep 33badb66d1 oob tags update 2021-10-19 02:10:26 +05:30
Ice3man543 e9f728c321 Added cve annotations + severity adjustments 2021-09-10 16:56:40 +05:30
sandeep 609705f676 removed extra headers not required for template 2021-09-08 17:47:19 +05:30
sullo ef1f7c5e92 Updates across many templates for clarity, spelling, and grammar. 2021-09-05 17:13:45 -04:00
Noam Rathaus 86f3c08ba6 Vendor writes it as "NETGEAR" 2021-08-29 09:39:06 +03:00
forgedhallpass cdf9451158 Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string
Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84
2021-08-18 14:44:27 +03:00
sandeep 94ae6ea0bf Added tag 2021-07-15 23:47:05 +05:30
GwanYeong Kim 67ae44be04 Create CVE-2020-26919.yaml
it was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.

Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com>
2021-07-15 10:54:56 +09:00