gmatuz / inthewilddb

Hourly updated database of exploit and exploitation reports
https://inthewild.io/
Apache License 2.0
231 stars 18 forks

Discrepancies in website and Docker requests #7

Status: Closed (mauvehed closed 1 year ago)

mauvehed commented 1 year ago

While attempting to use the docker image to query CVEs, I’m finding some very strange discrepancies between what that shows and the website.

Take for instance CVE-2022-4257. The website shows a resource for exploitation and an exploit.

However, the Docker query shows an exploit, but no exploitation.

```
docker run inthewild/inthewild reports CVE-2022-4257 --no-format-cli | jq
{
  "id": "CVE-2022-4257",
  "description": "A vulnerability was found in C-DATA Web Management System. It has been rated as critical. This issue affects some unknown processing of the file cgi-bin/jumpto.php of the component GET Parameter Handler. The manipulation of the argument hostname leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214631.",
  "exploitations": [],
  "exploits": [
    {
      "id": "CVE-2022-4257",
      "referenceURL": "https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md",
      "timeStamp": "2022-12-05T18:51:00.000Z"
    }
  ]
}
```

Another issue is with CVE-2022-47986. The website shows two exploitation notes and one exploit. However, the Docker lookup says it doesn’t have a description or anything.

```
docker run inthewild/inthewild reports CVE-2022-47986 --no-format-cli | jq
{
  "id": "CVE-2022-47986",
  "description": "Vulnerability description missing",
  "exploitations": [],
  "exploits": []
}
```

gmatuz commented 1 year ago

fixed, the update logic to the repository was broken :scream:
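
A sanity check for the failure mode reported in this issue, as an added example that is not part of the thread or the project's code: it flags a local record that is absent, or that has fewer entries than a second source reports, before an empty `exploitations` list is read as "not exploited". The function names are hypothetical, the first description is shortened, and the expected counts are assumptions taken from what the reporter read off the website.

```python
import json

# Placeholder text the CLI printed in this issue for a CVE it had no data for.
MISSING_DESCRIPTION = "Vulnerability description missing"

# Output copied from the issue above (first description shortened).
SAMPLE_4257 = '''{"id": "CVE-2022-4257",
 "description": "A vulnerability was found in C-DATA Web Management System.",
 "exploitations": [],
 "exploits": [{"id": "CVE-2022-4257",
   "referenceURL": "https://github.com/siriuswhiter/VulnHub/blob/main/C-Data/rce1.md",
   "timeStamp": "2022-12-05T18:51:00.000Z"}]}'''
SAMPLE_47986 = '''{"id": "CVE-2022-47986",
 "description": "Vulnerability description missing",
 "exploitations": [], "exploits": []}'''

def summarize(report_json):
    """Reduce one `reports <CVE> --no-format-cli` JSON document to counts."""
    r = json.loads(report_json)
    desc = r.get("description", MISSING_DESCRIPTION)
    return {
        "id": r["id"],
        "has_description": desc != MISSING_DESCRIPTION,
        "exploitations": len(r.get("exploitations", [])),
        "exploits": len(r.get("exploits", [])),
    }

def staleness_findings(report_json, expected=None):
    """Return reasons not to trust this local record.

    `expected` is an optional {"exploitations": n, "exploits": n} from a
    second source (assumption: counts read manually from the website).
    """
    s = summarize(report_json)
    findings = []
    if not s["has_description"] and s["exploitations"] == 0 and s["exploits"] == 0:
        findings.append("record absent from local database")
    for field in ("exploitations", "exploits"):
        want = (expected or {}).get(field)
        if want is not None and s[field] < want:
            findings.append(f"{field}: local {s[field]} < expected {want}")
    return findings

if __name__ == "__main__":
    print(staleness_findings(SAMPLE_4257, {"exploitations": 1, "exploits": 1}))
    print(staleness_findings(SAMPLE_47986, {"exploitations": 2, "exploits": 1}))
```

Without an `expected` argument only the absent-record check runs, so a stale but non-empty record such as the first sample passes silently.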