"-Synchronized-Data."

CVE Team 2022-02-28 10:01:19 +00:00
parent e455213f60
commit 00a9556b57
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
2 changed files with 154 additions and 154 deletions


@ -1,85 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-0377",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "LearnPress < 4.1.5 - Arbitrary Image Renaming"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "LearnPress WordPress LMS Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.1.5",
"version_value": "4.1.5"
"CVE_data_meta": {
"ID": "CVE-2022-0377",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "LearnPress < 4.1.5 - Arbitrary Image Renaming"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "LearnPress \u2013 WordPress LMS Plugin",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.1.5",
"version_value": "4.1.5"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26",
"name": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26"
},
{
"refsource": "MISC",
"url": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/",
"name": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/"
},
{
"refsource": "MISC",
"url": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf",
"name": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-73 External Control of File Name or Path",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a \"POST\" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ceylan Bozogullarindan"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26",
"name": "https://wpscan.com/vulnerability/0d95ada6-53e3-4a80-a395-eacd7b090f26"
},
{
"refsource": "MISC",
"url": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/",
"name": "https://bozogullarindan.com/en/2022/01/wordpress-learnpress-plugin-4.1.4.1-arbitrary-image-renaming/"
},
{
"refsource": "MISC",
"url": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf",
"name": "https://github.com/LearnPress/learnpress/commit/d1dc4af7ef2950f1000abc21bd9520fb3eb98faf"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-73 External Control of File Name or Path",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Ceylan Bozogullarindan"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}


@ -1,85 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2022-23912",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Testimonial WordPress Plugin AP Custom Testimonial",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "1.4.6",
"version_value": "1.4.6"
},
{
"version_affected": "<",
"version_name": "1.4.7",
"version_value": "1.4.7"
"CVE_data_meta": {
"ID": "CVE-2022-23912",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Testimonial WordPress Plugin \u2013 AP Custom Testimonial",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "1.4.6",
"version_value": "1.4.6"
},
{
"version_affected": "<",
"version_name": "1.4.7",
"version_value": "1.4.7"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting"
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/09512431-aa33-4514-8b20-1963c5d89f33",
"name": "https://wpscan.com/vulnerability/09512431-aa33-4514-8b20-1963c5d89f33"
},
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2664185",
"name": "https://plugins.trac.wordpress.org/changeset/2664185"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rafael Castilho"
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/2664185",
"name": "https://plugins.trac.wordpress.org/changeset/2664185"
},
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/09512431-aa33-4514-8b20-1963c5d89f33",
"name": "https://wpscan.com/vulnerability/09512431-aa33-4514-8b20-1963c5d89f33"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-79 Cross-site Scripting (XSS)",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Rafael Castilho"
}
],
"source": {
"discovery": "EXTERNAL"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
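Review bot: The affected range in the CVE-2022-23912 record contradicts itself, and this sync carries the mismatch over unchanged: `TITLE` says `AP Custom Testimonial < 1.4.8`, while `version_data` lists `>=` `1.4.6` and `<` `1.4.7` and the description says "before 1.4.7". A scanner that matches installed versions against `version_data` would report 1.4.7 as fixed, whereas the title implies it is still affected, so the fixed version should be confirmed against the referenced changeset and the three fields aligned (either `"TITLE": "AP Custom Testimonial < 1.4.7 - Reflected Cross-Site Scripting"` or a `<` bound of `1.4.8`, whichever the changeset supports). The two `version_data` entries are separate objects, so it is left to the consumer whether they form one range or two independent conditions. The description's "The Testimonial WordPress Plugin WordPress plugin" also looks like a product name cut off at the dash, which is presumably a generator artefact worth fixing at the source.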