Auto Generated cves.json [Mon Jun 3 08:55:31 UTC 2024] :robot:

cves.json

@@ -1550,6 +1550,7 @@
 {"ID":"CVE-2022-0656","Info":{"Name":"uDraw \u003c3.3.3 - Local File Inclusion","Severity":"high","Description":"uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0656.yaml"}
 {"ID":"CVE-2022-0658","Info":{"Name":"CommonsBooking \u003c 2.6.8 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0658.yaml"}
 {"ID":"CVE-2022-0660","Info":{"Name":"Microweber \u003c1.2.11 - Information Disclosure","Severity":"high","Description":"Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0660.yaml"}
+{"ID":"CVE-2022-0666","Info":{"Name":"Microweber \u003c 1.2.11 - CRLF Injection","Severity":"high","Description":"CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0666.yaml"}
 {"ID":"CVE-2022-0678","Info":{"Name":"Microweber \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"}
 {"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0679.yaml"}
 {"ID":"CVE-2022-0692","Info":{"Name":"Rudloff alltube prior to 3.0.1 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0692.yaml"}

cves.json-checksum.txt

@@ -1 +1 @@
-0cf7a96430fadd9e4602ab1fd647e275
+e808b27672b538f74b345e3d92eb4a9f