chore: generate CVEs metadata 🤖

ghost
2025-12-24 13:27:25 +00:00
parent 1bb70e480d
commit bea9fd2fe1
2 changed files with 2 additions and 1 deletions


@@ -901,6 +901,7 @@
{"ID":"CVE-2019-8943","Info":{"Name":"WordPress Core 5.0.0 - Crop-image Shell Upload","Severity":"medium","Description":"WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-8943.yaml"}
{"ID":"CVE-2019-8982","Info":{"Name":"Wavemaker Studio 6.6 - Local File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent\u0026inUrl= value in com/wavemaker/studio/StudioService.java, leading to disclosure of local files and server-side request forgery.","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2019/CVE-2019-8982.yaml"}
{"ID":"CVE-2019-9041","Info":{"Name":"ZZZCMS 1.6.1 - Remote Code Execution","Severity":"high","Description":"ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzz_template.php file because the parserIfLabel() function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-9041.yaml"}
{"ID":"CVE-2019-9082","Info":{"Name":"ThinkPHP \u003c 3.2.4 - Remote Code Execution","Severity":"high","Description":"ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via the s parameter in index.php through the invokefunction functionality.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-9082.yaml"}
{"ID":"CVE-2019-9194","Info":{"Name":"elFinder \u003c= 2.1.47 - Command Injection","Severity":"critical","Description":"elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.\nThe vulnerability occurs when performing image operations on JPEG files, where the filename\nis passed to the `exiftran` utility without proper sanitization, allowing command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9194.yaml"}
{"ID":"CVE-2019-9618","Info":{"Name":"WordPress GraceMedia Media Player 1.0 - Local File Inclusion","Severity":"critical","Description":"WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-9618.yaml"}
{"ID":"CVE-2019-9621","Info":{"Name":"Zimbra Collaboration Suite - SSRF","Severity":"high","Description":"Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-9621.yaml"}


@@ -1 +1 @@
94eac64ccd606a6b1ee081688d2aa62f
7b61ea1c09f21b1fbc2c81bc2f828e6b