admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-01-31 15:53:33 +08:00
Code Issues Packages Projects Releases Wiki Activity

chore: generate CVEs metadata 🤖

Browse Source
This commit is contained in:
ghost
2026-01-13 05:51:46 +00:00
parent ff278ef4ef
commit 8786158ff1
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cves.json
View File

@@ -705,6 +705,7 @@
{"ID":"CVE-2018-7662","Info":{"Name":"CouchCMS \u003c= 2.0 - Path Disclosure","Severity":"medium","Description":"CouchCMS \u003c= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-7662.yaml"}
{"ID":"CVE-2018-7700","Info":{"Name":"DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution","Severity":"high","Description":"DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-7700.yaml"}
{"ID":"CVE-2018-7719","Info":{"Name":"Acrolinx Server \u003c5.2.5 - Local File Inclusion","Severity":"high","Description":"Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7719.yaml"}
{"ID":"CVE-2018-7765","Info":{"Name":"Schneider Electric U.motion Builder - SQL Injection","Severity":"high","Description":"The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-7765.yaml"}
{"ID":"CVE-2018-7841","Info":{"Name":"Schneider Electric U.motion Builder - Remote Code Execution","Severity":"critical","Description":"U.motion Builder 1.3.4 contains a remote code execution vulnerability caused by improper input sanitization, allowing attackers to execute arbitrary system commands through crafted input parameters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7841.yaml"}
{"ID":"CVE-2018-8006","Info":{"Name":"Apache ActiveMQ \u003c=5.15.5 - Cross-Site Scripting","Severity":"medium","Description":"Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web based administration console on the queue.jsp page. The root cause of this issue is improper data filtering of the QueueFilter parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-8006.yaml"}
{"ID":"CVE-2018-8024","Info":{"Name":"Apache Spark UI - Cross-Site Scripting","Severity":"medium","Description":"Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-8024.yaml"}