Merge pull request #10724 from projectdiscovery/missing-cpe-tag

Add missing cpes, vendor and product information

Author: princechaddha

http/cnvd/2020/CNVD-2020-63964.yaml

@@ -8,8 +8,12 @@ info:
     jshERP that can reveal sensitive information including system credentials without credentials.
   reference:
     - https://cn-sec.com/archives/1798444.html
+  classification:
+    cpe: cpe:2.3:a:jishenghua:jsherp:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
+    vendor: jishenghua
+    product: jsherp
     shodan-query: http.favicon.hash:-1298131932
     fofa-query: jshERP-boot
   tags: cnvd,cnvd2020,jsherp,disclosure
@@ -36,4 +40,5 @@ http:
       - type: status
         status:
           - 200
+
 # digest: 490a00463044022001094e317be5b989e3d7461dd099453f1237356ce28affa5ee58239edd6affa502205957345e5569e5b78bc928736bd415c0445ca550661c57cd1e27f9d66d6520a3:922c64590222798bb761d5b6d8e72950

http/cnvd/2021/CNVD-2021-14536.yaml

@@ -11,9 +11,12 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
     cvss-score: 8.3
     cwe-id: CWE-522
+    cpe: cpe:2.3:h:ruijie:rg-uac:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
     fofa-query: title="RG-UAC登录页面"
+    product: rg-uac
+    vendor: ruijie
   tags: cnvd2021,cnvd,ruijie,disclosure
 
 http:
@@ -42,4 +45,4 @@ http:
         group: 1
         regex:
           - '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
-# digest: 490a00463044022046fa27ed559165bee99e3f0591f1ca5ee488637fb236c6b1c81fe49ee2c93865022045c885a0df3ac7a1fbada587a1785a09b40212dc68eeb662117a4e7bccac59d5:922c64590222798bb761d5b6d8e72950
+# digest: 490a00463044022046fa27ed559165bee99e3f0591f1ca5ee488637fb236c6b1c81fe49ee2c93865022045c885a0df3ac7a1fbada587a1785a09b40212dc68eeb662117a4e7bccac59d5:922c64590222798bb761d5b6d8e72950

http/cnvd/2021/CNVD-2021-15822.yaml

@@ -8,9 +8,13 @@ info:
     ShopXO is an open source enterprise-level open source e-commerce system. ShopXO has an arbitrary file reading vulnerability, which can be used by attackers to obtain sensitive information.
   reference:
     - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog
+  classification:
+    cpe: cpe:2.3:a:shopxo:shopxo:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 1
+    vendor: shopxo
+    product: shopxo
     shodan-query: title:"ShopXO企业级B2C电商系统提供商"
     fofa-query: app="ShopXO企业级B2C电商系统提供商"
   tags: cnvd2021,cnvd,shopxo,lfi
@@ -31,4 +35,5 @@ http:
       - type: status
         status:
           - 200
+
 # digest: 490a0046304402206735e750a62b437583ca1e1cae33666b4c2ce3b8a8310c3d1212a98fcb018a69022066c8a339f06f76b3df20a5c624b054d356f219e1e77661921c541dc2d7ee4dc5:922c64590222798bb761d5b6d8e72950

http/cnvd/2021/CNVD-2021-28277.yaml

@@ -12,9 +12,12 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
     cvss-score: 8.6
     cwe-id: CWE-22
+    cpe: cpe:2.3:a:landray:landray_office_automation:*:*:*:*:*:*:*:*
   metadata:
     max-request: 2
     fofa-query: app="Landray OA system"
+    product: landray_office_automation
+    vendor: landray
   tags: cnvd,cnvd2021,landray,lfi
 
 http:
@@ -47,4 +50,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100b98b4479ab9f48943be02a1d2b3a0cebe9d3d5389705d58d3d7ca1f306dcdebc022100d07fed00db3b41b001193fcbaf37522bdd576917c02364b840beb62c96d46a32:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100b98b4479ab9f48943be02a1d2b3a0cebe9d3d5389705d58d3d7ca1f306dcdebc022100d07fed00db3b41b001193fcbaf37522bdd576917c02364b840beb62c96d46a32:922c64590222798bb761d5b6d8e72950

http/cnvd/2021/CNVD-2021-33202.yaml

@@ -9,11 +9,16 @@ info:
   reference:
     - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md
     - https://www.cnblogs.com/0day-li/p/14637680.html
+  classification:
+    cpe: cpe:2.3:a:weaver:e-cology:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 1
     fofa-query: app="泛微-协同办公OA"
+    product: e-cology
+    vendor: weaver
   tags: cnvd2021,cnvd,e-cology,sqli
+
 variables:
   num: "999999999"
 
@@ -33,4 +38,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4a0a0047304502202c3b8ac764f980a41094f1c98193a9080c65ceaff64975f42b69ef53477bb196022100bb0b3e66abdc94f608aefecaf03255af930789468009df696c1eedb8dff2d283:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a0047304502202c3b8ac764f980a41094f1c98193a9080c65ceaff64975f42b69ef53477bb196022100bb0b3e66abdc94f608aefecaf03255af930789468009df696c1eedb8dff2d283:922c64590222798bb761d5b6d8e72950

http/cnvd/2022/CNVD-2022-42853.yaml

@@ -13,11 +13,14 @@ info:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
     cvss-score: 10
     cwe-id: CWE-89
+    cpe: cpe:2.3:a:easycorp:zentao:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 1
     shodan-query: http.title:"zentao"
     fofa-query: "Zentao"
+    product: zentao
+    vendor: easycorp
   tags: cnvd,cnvd2022,zentao,sqli
 variables:
   num: "999999999"

http/cnvd/2022/CNVD-2022-43245.yaml

@@ -6,9 +6,13 @@ info:
   severity: high
   description: |
     e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information.
+  classification:
+    cpe: cpe:2.3:a:weaver:e-office:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 1
+    vendor: weaver
+    product: e-office
     fofa-query: app="泛微-协同办公OA"
   tags: cnvd,cnvd2022,weaver,e-office,oa,lfi
 
@@ -40,4 +44,4 @@ http:
         status:
           - 200
 
-# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950
+# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950

http/cnvd/2024/CNVD-2024-15077.yaml

@@ -9,9 +9,13 @@ info:
   reference:
     - https://github.com/wy876/POC/blob/main/AJ-Report%E5%BC%80%E6%BA%90%E6%95%B0%E6%8D%AE%E5%A4%A7%E5%B1%8F%E5%AD%98%E5%9C%A8%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md
     - https://github.com/vulhub/vulhub/blob/master/aj-report/CNVD-2024-15077/README.md
+  classification:
+    cpe: cpe:2.3:a:anji-plus:aj-report:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 1
+    vendor: anji-plus
+    product: aj-report
     fofa-query: title="AJ-Report"
   tags: cnvd,cnvd2024,aj-report,rce
 
@@ -42,4 +46,5 @@ http:
       - type: status
         status:
           - 200
+
 # digest: 4a0a00473045022100a0ad6d10ef5ed64fff1a44a4efb42b8c18de347907d77e68fec2a9f796030e8c022003c9c9bcfc6d56d3a3c7988f48874841753487e2ce57d91740ffbe99e3627448:922c64590222798bb761d5b6d8e72950

http/credential-stuffing/self-hosted/grafana-login-check.yaml

@@ -7,10 +7,14 @@ info:
   description: Checks for a valid login on self hosted Grafana instance.
   reference:
     - https://owasp.org/www-community/attacks/Credential_stuffing
+  classification:
+    cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*
   metadata:
     max-request: 1
     shodan-query: title:"Grafana"
     fofa-query: title="Grafana"
+    product: grafana
+    vendor: grafana
   tags: self-hosted,creds-stuffing,login-check,grafana
 variables:
   username: "{{username}}"
@@ -51,4 +55,4 @@ http:
       - type: status
         status:
           - 200
-# digest: 4b0a00483046022100a3f034e7179bdf079b1dc2684546e0aed572c531bfde778a670188f30ca5394d022100b2af74dbd182c70308b657aa3c1481e2b815a5c98dc49d5471f66cd4d4ccf527:922c64590222798bb761d5b6d8e72950
+# digest: 4b0a00483046022100a3f034e7179bdf079b1dc2684546e0aed572c531bfde778a670188f30ca5394d022100b2af74dbd182c70308b657aa3c1481e2b815a5c98dc49d5471f66cd4d4ccf527:922c64590222798bb761d5b6d8e72950

http/cves/2021/CVE-2021-27748.yaml

@@ -16,10 +16,13 @@ info:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27748
   classification:
     cve-id: CVE-2021-27748
+    cpe: cpe:2.3:a:ibm:websphere:*:*:*:*:*:*:*:*
   metadata:
     verified: true
     max-request: 3
     shodan-query: http.html:"IBM WebSphere Portal"
+    product: websphere
+    vendor: ibm
   tags: cve2021,cve,hcl,ibm,ssrf,websphere
 
 flow: http(1) && http(2)
@@ -52,4 +55,4 @@ http:
         part: body
         words:
           - "Interactsh Server"
-# digest: 490a0046304402206c32c2de4201bdd15007eb3bf05d67820708447ab1c65ca0c81c782de9453dfb02202a678eb5d692039657fdff391b654c0bd3cb6c409e784102e62b31e77792bc22:922c64590222798bb761d5b6d8e72950
+# digest: 490a0046304402206c32c2de4201bdd15007eb3bf05d67820708447ab1c65ca0c81c782de9453dfb02202a678eb5d692039657fdff391b654c0bd3cb6c409e784102e62b31e77792bc22:922c64590222798bb761d5b6d8e72950