What's Changed

🔥 Release Highlights 🔥

• [CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
• [CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
• [CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
• [CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @DhiyaneshDK) [critical] 🔥
• [CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-32735] CyberPower - Missing Authentication (@DhiyaneshDK) [critical] 🔥
• [CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
• [CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
• [CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-2961] PHP - LFR to RCE (@Kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
• [CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [cyberpanel-rce] CyberPanel v2.3.6 Pre-Auth RCE (@DhiyaneshDK) [critical] 🔥

Bug Fixes

• Resolved issue with time-based SQL injection flow (Issue #11029).
• Corrected detection for CVE-2016-9299 (Issue #11121).
• Fixed false positive for appspec-yml-disclosure.yaml template (Issue #11112).
• Refactored "Django Admin Panel" template (Issue #11044).
• Improved prototype pollution checks to prevent insecure sanitization bypass (Issue #10589).

False Negatives

• Corrected false negative in CVE-2024-34982 detection (Issue #11111).
• Fixed false negative in CVE-2023-39650 (Issue #11043).
• Addressed false negative for iam-user-password-change detection (Issue #11027).

False Positives

• Reduced false positives in weaver-checkserver-sqli template (Issue #11123).

Enhancements

• Added templates for AWS services: EFS, Inspector2, GuardDuty, Firehose, DMS, EBS, ElastiCache, Route53, and RDS.
• Introduced time-based tags for improved classification (Issue #11006).

Template Updates

New Templates Added: 116 | CVEs Added: 52 | First-time contributions: 7

• [CVE-2024-49757] Zitadel - User Registration Bypass (@Sujal Tuladhar) [high]
• [CVE-2024-48914] Vendure - Arbitrary File Read (@s4e-io) [critical] 🔥
• [CVE-2024-46310] FXServer < v9601 - Information Exposure (@s4e-io) [medium]
• [CVE-2024-45488] SafeGuard for Privileged Passwords < 7.5.2 - Auth Bypass (@iamnoooob, @rootxharsh, @pdresearch) [critical]
• [CVE-2024-45216] Apache Solr - Authentication Bypass (@gumgum) [critical] 🔥
• [CVE-2024-44349] AnteeoWMS < v4.7.34 - SQL Injection (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2024-43360] ZoneMinder - SQL Injection (@s4e-io) [critical] 🔥
• [CVE-2024-40711] Veeam Backup & Replication - Unauth (@rootxharsh, @iamnoooob, @DhiyaneshDK) [critical] 🔥
• [CVE-2024-39713] Rocket.Chat - Server-Side Request Forgery (SSRF) (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-35584] openSIS < 9.1 - SQL Injection (@s4e-io) [high]
• [CVE-2024-32739] CyberPower < v2.8.3 - SQL Injection (@DhiyaneshDk) [high]
• [CVE-2024-32738] CyberPower - SQL Injection (@DhiyaneshDk) [high]
• [CVE-2024-32737] CyberPower - SQL Injection (@DhiyaneshDk) [high]
• [CVE-2024-32736] CyberPower < v2.8.3 - SQL Injection (@DhiyaneshDk) [high]
• [CVE-2024-32735] CyberPower - Missing Authentication (@DhiyaneshDK) [critical] 🔥
• [CVE-2024-22476] Intel Neural Compressor <2.5.0 - SQL Injection (@ritikchaddha) [critical]
• [CVE-2024-9796] WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection (@s4e-io) [critical]
• [CVE-2024-9617] Danswer - Insecure Direct Object Reference (@s4e-io) [medium]
• [CVE-2024-9593] Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution (@s4e-io) [high] 🔥
• [CVE-2024-9234] GutenKit <= 2.1.0 - Arbitrary File Upload (@s4e-io) [critical] 🔥
• [CVE-2024-9061] WP Popup Builder Popup Forms <= 1.3.5 - Arbitrary Shortcode Execution (@s4e-io) [high]
• [CVE-2024-8698] Keycloak - SAML Core Package Signature Validation Flaw (@iamnoooob, @rootxharsh, @pdresearch) [high]
• [CVE-2024-5910] Palo Alto Expedition - Admin Account Takeover (@johnk3r) [critical]
• [CVE-2024-4439] WordPress Core <6.5.2 - Cross-Site Scripting (@nqdung2002) [high]
• [CVE-2024-3656] Keycloak < 24.0.5 - Broken Access Control (@iamnoooob, @rootxharsh, @pdresearch) [high] 🔥
• [CVE-2024-2961] PHP - LFR to RCE (@Kim Dongyoung (Kairos-hk), @bolkv, @n0ming, @RoughBoy0723) [high]
• [CVE-2023-43373] Hoteldruid v3.0.5 - SQL Injection (@ritikchaddha) [critical] 🔥
• [CVE-2023-40931] Nagios XI v5.11.0 - SQL Injection (@ritikchaddha) [medium]
• [CVE-2023-40755] PHPJabbers Callback Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-40753] PHPJabbers Ticket Support Script v3.2 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-40752] PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-40751] PHPJabbers Fundraising Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-40750] PHPJabbers Yacht Listing Script v1.0 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-40749] PHPJabbers Food Delivery Script v3.0 - SQL Injection (@ritikchaddha) [critical]
• [CVE-2023-40748] PHPJabbers Food Delivery Script - SQL Injection (@ritikchaddha) [critical]
• [CVE-2023-39560] ECTouch v2 - SQL Injection (@s4e-io) [critical]
• [CVE-2023-38040] Revive Adserver 5.4.1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-5561] WordPress Core - Post Author Email Disclosure (@nqdung2002) [medium]
• [CVE-2023-5558] LearnPress < 4.2.5.5 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-2745] WordPress Core <=6.2 - Directory Traversal (@nqdung2002) [medium]
• [CVE-2023-1318] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-1317] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2023-1315] osTicket < v1.16.6 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2021-45811] osTicket 1.15.x - SQL Injection (@ritikchaddha) [medium]
• [CVE-2021-38156] Nagios XI < 5.8.6 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2019-8943] WordPress Core 5.0.0 - Crop-image Shell Upload (@sttlr) [medium]
• [CVE-2018-7196] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2018-7193] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2018-7192] osTicket < 1.10.2 - Cross-Site Scripting (@ritikchaddha) [medium]
• [CVE-2017-5868] OpenVPN Access Server 2.1.4 - CRLF Injection (@ritikchaddha) [medium]
• [CVE-2016-9299] Jenkins CLI - HTTP Java Deserialization (@iamnoooob, @rootxharsh, @pdresearch) [critical] 🔥
• [CVE-2015-8562] Joomla HTTP Header Unauth - RCE (@kairos-hk, @bolkv, @n0ming, @RoughBoy0723) [high]
• [dms-multi-az] DMS Multi-AZ Not Enabled (@DhiyaneshDK) [medium]
• [dms-public-access] Publicly Accessible DMS Replication Instances (@DhiyaneshDK) [medium]
• [dms-version-upgrade] DMS Auto Minor Version Upgrade (@DhiyaneshDK) [medium]
• [ebs-encryption-disabled] EBS Encryption - Disabled (@DhiyaneshDK) [high]
• [efs-encryption-disabled] EFS Encryption - Disabled (@DhiyaneshDK) [medium]
• [cache-automatic-backups-disabled] ElastiCache Automatic Backups - Disabled (@DhiyaneshDK) [medium]
• [cache-event-notification-disabled] ElastiCache Event Notifications - Disabled (@DhiyaneshDK) [medium]
• [cache-redis-encryption-disabled] ElastiCache Redis In-Transit and At-Rest Encryption - Disabled (@DhiyaneshDK) [high]
• [cache-redis-multiaz-disabled] ElastiCache Redis Multi-AZ - Disabled (@DhiyaneshDK) [medium]
• [firehose-server-destination-encryption] Firehose Delivery Stream Destination Encryption - Disabled (@DhiyaneshDK) [medium]
• [firehose-server-side-encryption] Firehose Delivery Stream Server-Side Encryption - Disabled (@DhiyaneshDK) [high]
• [guardduty-findings] Open GuardDuty Findings (@DhiyaneshDK) [medium]
• [guardduty-not-enabled] GuardDuty Not Enabled (@DhiyaneshDK) [info]
• [malware-protection-disabled] GuardDuty Malware Protection - Disabled (@DhiyaneshDK) [info]
• [s3-protection-disabled] GuardDuty S3 Protection - Disabled (@DhiyaneshDK) [medium]
• [inspector2-disabled] Amazon Inspector 2 - Disabled (@DhiyaneshDK) [info]
• [rds-auto-minor-upgrade-disabled] RDS Auto Minor Version Upgrade - Disabled (@DhiyaneshDK) [medium]
• [rds-automated-backup-disabled] RDS Automated Backups - Disabled (@DhiyaneshDK) [high]
• [rds-backtrack-disabled] AWS RDS Backtrack - Disabled (@DhiyaneshDK) [low]
• [rds-cluster-protection-disabled] RDS Cluster Deletion Protection - Disabled (@DhiyaneshDK) [medium]
• [rds-copy-snap] RDS Copy Tags to Snapshots - Disabled (@DhiyaneshDK) [low]
• [rds-insights-disabled] RDS Performance Insights - Disabled (@DhiyaneshDK) [low]
• [rds-instance-autoscaling-disabled] RDS Instance Storage AutoScaling - Disabled (@DhiyaneshDK) [medium]
• [rds-log-export-disabled] RDS Log Exports - Disabled (@DhiyaneshDK) [low]
• [rds-multi-az] RDS Multi-AZ - Disabled (@DhiyaneshDK) [medium]
• [rds-public-access] RDS Publicly Accessible - Enabled (@DhiyaneshDK) [high]
• [route53-dns-query-disabled] DNS Query Logging for Route 53 Hosted Zones - Disabled (@DhiyaneshDK) [medium]
• [route53-dnssec-signing-disabled] DNSSEC Signing for Route 53 Hosted Zones - Disabled (@DhiyaneshDK) [medium]
• [CNVD-2024-38747] Zhejiang Dahua Smart Cloud Gateway Registration Platform - SQL Injection (@s4e-io) [high]
• [doris-default-login] Apache Doris - Default Login (@icarot) [high]
• [sato-default-login] Sato - Default Login (@y0no) [high]
• [zebra-default-login] Zebra - Default Login (@y0no) [high]
• [1password-scim-panel] 1Password SCIM Bridge - Panel (@Splint3r7) [info]
• [danswer-panel] Danswer Panel - Detect (@s4e-io) [info]
• [freescout-panel] FreeScout Panel - Detect (@s4e-io) [info]
• [nagios-logserver-panel] Nagios Log Server - Detect (@ritikchaddha) [info]
• [olympic-panel] OLYMPIC Banking System Login Panel - Detect (@righettod) [info]
• [onedev-panel] OneDev Panel - Detect (@vultza) [info]
• [paloalto-expedition-panel] Palo Alto Expedition Project Login - Detect (@johnk3r) [info]
• [reolink-panel] Reolink Panel - Detect (@s4e-io) [info]
• [sqlpad-panel] SQLPad Panel - Detect (@s4e-io) [info]
• [traccar-panel] Traccar Panel - Detect (@s4e-io) [info]
• [txadmin-panel] txAdmin Panel - Detect (@s4e-io) [info]
• [usermin-panel] Usermin Panel - Detect (@s4e-io) [info]
• [veritas-netbackup-panel] Veritas NetBackup OpsCenter Analytics Login - Detect (@rxerium) [info]
• [vmware-aria-panel] VMware Aria Operations Login - Detect (@rxerium) [info]
• [nagios-logserver-installer] Nagios Log Server - Install (@ritikchaddha) [high]
• [redpanda-console] Redpanda Console - Exposure (@kh4sh3i) [medium]
• [root-path-disclosure] ROOT - Path Disclosure (@soltanali0, @ArganexEmad) [high]
• [unauth-cyber-power-systems] Cyber Power Systems - Unauthenticated (@DhiyaneshDK) [high]
• [wasabi-bucket-takeover] wasabi Bucket Takeover - Detection (@philippedelteil) [high]
• [accellion-detect] Accellion - Detect (@rxerium) [info]
• [gradio-detect] Gradio - Detect (@s4e-io) [info]
• [lollms-webui-detect] LoLLMS WebUI - Detect (@s4e-io) [info]
• [mirth-connect-detect] Mirth Connect Admin Panel - Detect (@rxerium) [info]
• [oracle-fusion-detect] Oracle Fusion Middleware - Detect (@rxerium) [info]
• [salesforce-b2c-commerce-webdav] Salesforce B2C Commerce WebDAV - Detection (@batutahibnu17) [info]
• [hcm-cloud-lfi] HCM Cloud - Arbitrary File Read (@s4e-io) [high]
• [nagios-xi-xss] Nagios XI 5.7.1 - Cross-Site Scripting (@ritikchaddha) [medium]
• [cyberpanel-rce] CyberPanel v2.3.6 Pre-Auth RCE (@DhiyaneshDK) [critical] 🔥
• [application-pass-xss] WordPress Core 5.6 and 6.3.1 - Cross-Site Scripting (@nqdung2002) [medium]
• [wp-footnote-xss] WordPress 6.3-6.3.1 Footnotes Block - Cross-Site Scripting (@nqdung2002) [medium]
• [yonyou-u8-crm-sqli] UFIDA U8 CRM cfillbacksetting.php - SQL Injection (@s4e-io) [high]
• [yonyou-u8-crm-tb-sqli] UFIDA U8 CRM fillbacksetting.php - SQL Injection (@s4e-io) [high]

New Contributors

• @h41th made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10589
• @soltanali0 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10675
• @kairos-hk made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10492
• @nqdung2002 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/10506
• @batutahibnu17 made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/11041
• @vultza made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/11100
• @DuyVuong made their first contribution in https://github.com/projectdiscovery/nuclei-templates/pull/11113

Full Changelog: https://github.com/projectdiscovery/nuclei-templates/compare/v10.0.2...v10.0.3