高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Unknown | NEX-Forms – Ultimate Form Builder – Contact forms and much more | 7.9.7 ~ 7.9.7 | - |
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-3142.yaml | POC詳細 |
公開POCは見つかりませんでした。
ログインしてAI POCを生成| CVE-2022-3021 | Slickr Flickr <= 2.8.1 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-3036 | Gettext override translations < 2.0.0 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2958 | BadgeOS < 3.7.1.3 - Subscriber+ SQLi | |
| CVE-2022-2754 | Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Blind SQLi | |
| CVE-2022-2753 | Ketchup Restaurant Reservations <= 1.0.0 - Unauthenticated Stored XSS | |
| CVE-2022-2710 | Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2709 | Float to Top Button <= 2.3.6 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-2567 | Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting | |
| CVE-2022-1591 | WordPress Ping Optimizer < 2.35.1.3.0 - Arbitrary Settings Update via CSRF | |
| CVE-2022-1580 | Site Offline < 1.5.3 - Access Bypass | |
| CVE-2022-2840 | Zephyr Project Manager < 3.2.5 - Multiple Unauthenticated SQLi | |
| CVE-2022-3141 | Translatepress Multilinugal < 2.3.3 - Admin+ SQLi |
まだコメントはありません