Summary of Releases v9.5.5, v9.5.6, v9.5.7, v9.5.8, and v9.6.0
This month, we've released multiple versions of Nuclei Templates that bring numerous enhancements to Nuclei users.
Here are some highlighted stats from the combined releases:
- 255 new Templates added
- 15 first-time contributions
- 82 new CVEs added
Introduction
Welcome to the July 2023 edition of Nuclei Templates Monthly Release. This has been an exciting month with a lot of hot CVEs, such as Adobe ColdFusion - Pre-Auth Remote Code Execution, Ivanti EPMM - Authentication Bypass, and Metabase PreAuth RCE.
The CVEs added in this release have made headlines in cybersecurity. The Adobe ColdFusion vulnerabilities, particularly, have been a hot topic due to their potential for pre-authentication remote code execution and access control bypass. Similarly, the vulnerabilities in Ivanti EPMM, Metabase, and CasaOS have raised concerns due to their potential for authentication bypass.
New Templates Added
We are excited to announce the addition of 255 new templates to the Nuclei Templates project. These templates cover a wide range of security checks, from trending vulnerabilities to C2 server detection, empowering you to identify potential vulnerabilities efficiently. The contributions from our dedicated community have been immeasurably valuable in expanding the breadth of Nuclei's capabilities, and we extend our gratitude to all those involved.
New CVEs Added
This release incorporates 82 new CVEs, ensuring you remain current with the latest security vulnerabilities. By including these CVEs in the Nuclei Templates, we aim to provide you with the necessary tools to detect and mitigate potential risks proactively.
Highlighted CVE Templates
Here are some notable CVEs included in this release:
CVE-2023-35078: Ivanti EPMM - Authentication Bypass
Description: Ivanti EPMM is vulnerable to an authentication bypass. This vulnerability allows an attacker to bypass the authentication mechanism.
Template: GitHub Link
Author: @parthmalhotra, @ehsandeep
CVE-2023-38646: Metabase PreAuth RCE
Description: Metabase is vulnerable to a pre-authentication remote code execution (RCE). This vulnerability allows an attacker to execute arbitrary code without requiring authentication.
Template: GitHub Link
Author: @iamnoooob, @rootxharsh
CVE-2023-37265, CVE-2023-37266: CasaOS Authentication Bypass
Description: CasaOS is vulnerable to an authentication bypass allowing attackers access without first having to authenticate themselves.
Template: GitHub Link, GitHub Link
Author: @DhiyaneshDk
CVE-2023-35885: Cloudpanel 2 - Remote Code Execution
Description: Cloudpanel 2 is vulnerable to remote code execution allowing an attacker to execute arbitrary code.
Template: GitHub Link
Author: @DhiyaneshDk
CVE-2023-29300: Adobe ColdFusion - Pre-Auth Remote Code Execution
Description: Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a deserialization of untrusted data vulnerability that could result in arbitrary code execution. Exploitation of this issue does not require user interaction.
Template: GitHub Link
Author: @iamnoooob, @rootxharsh
CVE-2023-29298: Adobe ColdFusion - Access Control Bypass
Description: An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, exposing 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.
Template: GitHub Link
Author: @iamnoooob, @rootxharsh
CVE-2023-2982: Miniorange Social Login and Register <= 7.6.3 - Authentication Bypass
Description: The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.
Template: GitHub Link
Author: @ritikchaddha
CVE-2023-24489: Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution
Description: A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.
Template: GitHub Link
Author: @DhiyaneshDk, @dwisiswant0
CVE-2022-40127: AirFlow < 2.4.0 - Remote Code Execution
Description: A vulnerability in Example DAGs of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0.
Template: GitHub Link
Author: @DhiyaneshDk
CVE-2023-36934: MOVEit Transfer - SQL Injection
Description: MOVEit Transfer is vulnerable to SQL Injection. This vulnerability allows an attacker to manipulate SQL queries.
Template: GitHub Link
Author: @iamnoooob, @rootxharsh
CVE-2023-28121: WooCommerce Payments - Unauthorized Admin Access
Description: WooCommerce Payments is vulnerable to unauthorized admin access. This vulnerability allows an attacker to gain unauthorized access to the admin panel.
Template: GitHub Link
Author: @DhiyaneshDk
CVE-2023-0297: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Description: PyLoad 0.5.0 is vulnerable to a pre-authentication remote code execution (RCE). This vulnerability allows an attacker to execute arbitrary code without requiring authentication.
Template: GitHub Link
Author: @MrHarshvardhan, @DhiyaneshDk
CVE-2023-3460: The Ultimate Member WordPress plugin - Unauthorized Admin Access
Description: The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.
Template: GitHub Link
Author: @DhiyaneshDk
Bug Fixes and Enhancements
This release includes several bug fixes and enhancements that improve the overall functionality of Nuclei Templates. The following contributions from our community members have been instrumental in making these improvements:
- Updated CVEs with the following info in #7670:
  - Added CPE under the classification
  - Added EPSS score under the classification
  - Added vendor and product name under metadata
  - Added tags and references
- Fixed 15+ templates producing false positive/negative results
- Updated 12 XSS templates with weak matchers #7756
- Removed hardcoded nuclei string from the templates in #6573
Community Spotlight
We express our sincere appreciation to the community members, including our first-time contributors, for their contributions to the Nuclei Templates project.
- @yaabdala made their first contribution in #7722
- @HuTa0kj made their first contribution in #7715
- @professorabhay made their first contribution in #7697
- @Zinkuth made their first contribution in #7776
- @MalavikaSK made their first contribution in #6514
- @FreeZeroDays made their first contribution in #7691
- @bob-the-builder-v made their first contribution in #7602
- @Thirukrishnan made their first contribution in #7705
- @TheArqsz made their first contribution in #6963
- @brianlam38 made their first contribution in #7674
- @E1A made their first contribution in #7654
- @dcruzec made their first contribution in #7672
- @dongpohezui made their first contribution in #7657
- @aringo-bf made their first contribution in #7656
- @ghoeffner made their first contribution in #7603
- @mosesrenegade made their first contribution in #7604
- @ErikOwen made their first contribution in #7344
- @Marcuccio made their first contribution in #7614
- @Armandhe-China made their first contribution in #6405
- @aravindb26 made their first contribution in #7372
News, Upcoming Features & Roadmap
We're thrilled to share some exciting news! The ProjectDiscovery team will be present at DEF CON, and we're counting down the days to Discovery. We can't wait to meet and connect with our valued community members in person!
To stay updated on all the details about the event, check out the website here: Countdown to Discovery - DEF CON
We look forward to engaging with you and making the most out of this fantastic opportunity to strengthen our bond with the community. See you at DEF CON!
You can join the Nuclei Templates community on Discord, where you can actively participate, collaborate, and share valuable insights. Feel free to join the Discord server if you have any questions or suggestions for further improving Nuclei Templates.