updated matcher & info

projectdiscovery · May 14, 2024 · f2caf22 · f2caf22
1 parent be89fd7
commit f2caf22
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/http/cves/2023/CVE-2023-45855.yaml b/http/cves/2023/CVE-2023-45855.yaml
@@ -1,16 +1,18 @@
 id: CVE-2023-45855
 
 info:
-  name: qdPM 9.2 Directory Traversal Vulnerability
+  name: qdPM 9.2 - Directory Traversal
   author: DhiyaneshDk
   severity: high
-  description: qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
+  description: |
+    qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
   impact: |
     Successful exploitation could allow an attacker to read sensitive files on the server.
   remediation: |
     Upgrade qdPM to a non-vulnerable version to mitigate the directory traversal vulnerability.
   reference:
-    - https://qdpm.net
+    - https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/Directory%20Traversal.md
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-45855
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
@@ -23,7 +25,7 @@ info:
     vendor: qdpm
     product: qdpm
     shodan-query: http.favicon.hash:762074255
-  tags: cve,cve2023,qdpm,lfi,listing
+  tags: cve,cve2023,qdpm,lfi
 
 http:
   - method: GET
@@ -35,8 +37,8 @@ http:
       - type: word
         part: body
         words:
-          - "users"
-          - "attachments"
+          - "Index of /uploads</title>"
+          - "attachments/</a>"
         condition: and
 
       - type: status