Dashboard Content Enhancements (#4031)

Dashboard Content Enhancements

misconfiguration/phpmyadmin/phpmyadmin-sql.php-server.yaml

@@ -1,28 +1,35 @@
-id: phpmyadmin-misconfiguration
-
-info:
-  name: Sensitive data exposure
-  author: pussycat0x
-  severity: high
-  description: Unauthenticated phpmyadmin leads to exposure of sensitive information
-  reference: https://www.exploit-db.com/ghdb/6997
-  tags: phpmyadmin,misconfig
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema"
-      - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema"
-
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "var db    = 'information_schema';"
-          - "var opendb_url = 'db_structure.php';"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+id: phpmyadmin-misconfiguration
+
+info:
+  name: phpmyadmin Data Exposure
+  author: pussycat0x
+  severity: medium
+  description: An unauthenticated instance of phpmyadmin was discovered, which could be leveraged to access sensitive information.
+  reference: https://www.exploit-db.com/ghdb/6997
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id:
+    cwe-id: CWE-200
+  tags: phpmyadmin,misconfig
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/phpmyadmin/index.php?db=information_schema"
+      - "{{BaseURL}}/phpMyAdmin/index.php?db=information_schema"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "var db    = 'information_schema';"
+          - "var opendb_url = 'db_structure.php';"
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+# Enhanced by mp on 2022/04/06