diff --git a/2014/125xxx/CVE-2014-125029.json b/2014/125xxx/CVE-2014-125029.json index af67da97e9b..19501ee472d 100644 --- a/2014/125xxx/CVE-2014-125029.json +++ b/2014/125xxx/CVE-2014-125029.json @@ -1,17 +1,110 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2014-125029", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In ttskch PaginationServiceProvider bis 0.x wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei demo/index.php der Komponente demo. Durch Beeinflussen des Arguments sort/id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Ein Aktualisieren auf die Version 1.0.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 619de478efce17ece1a3b913ab16e40651e1ea7b bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ttskch", + "product": { + "product_data": [ + { + "product_name": "PaginationServiceProvider", + "version": { + "version_data": [ + { + "version_value": "0.x", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.217150", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217150" + }, + { + "url": "https://vuldb.com/?ctiid.217150", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217150" + }, + { + "url": "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b", + "refsource": "MISC", + "name": "https://github.com/ttskch/PaginationServiceProvider/commit/619de478efce17ece1a3b913ab16e40651e1ea7b" + }, + { + "url": "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0", + "refsource": "MISC", + "name": "https://github.com/ttskch/PaginationServiceProvider/releases/tag/1.0.0" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2021/4xxx/CVE-2021-4301.json b/2021/4xxx/CVE-2021-4301.json index 698b07421a8..e33bb0f5070 100644 --- a/2021/4xxx/CVE-2021-4301.json +++ b/2021/4xxx/CVE-2021-4301.json @@ -1,17 +1,214 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-4301", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in slackero phpwcms bis 1.9.26 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess. Durch die Manipulation des Arguments $phpwcms['db_prepend'] mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 1.9.27 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 77dafb6a8cc1015f0777daeb5792f43beef77a9d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "slackero", + "product": { + "product_data": [ + { + "product_name": "phpwcms", + "version": { + "version_data": [ + { + "version_value": "1.9.0", + "version_affected": "=" + }, + { + "version_value": "1.9.1", + "version_affected": "=" + }, + { + "version_value": "1.9.2", + "version_affected": "=" + }, + { + "version_value": "1.9.3", + "version_affected": "=" + }, + { + "version_value": "1.9.4", + "version_affected": "=" + }, + { + "version_value": "1.9.5", + "version_affected": "=" + }, + { + "version_value": "1.9.6", + "version_affected": "=" + }, + { + "version_value": "1.9.7", + "version_affected": "=" + }, + { + "version_value": "1.9.8", + "version_affected": "=" + }, + { + "version_value": "1.9.9", + "version_affected": "=" + }, + { + "version_value": "1.9.10", + "version_affected": "=" + }, + { + "version_value": "1.9.11", + "version_affected": "=" + }, + { + "version_value": "1.9.12", + "version_affected": "=" + }, + { + "version_value": "1.9.13", + "version_affected": "=" + }, + { + "version_value": "1.9.14", + "version_affected": "=" + }, + { + "version_value": "1.9.15", + "version_affected": "=" + }, + { + "version_value": "1.9.16", + "version_affected": "=" + }, + { + "version_value": "1.9.17", + "version_affected": "=" + }, + { + "version_value": "1.9.18", + "version_affected": "=" + }, + { + "version_value": "1.9.19", + "version_affected": "=" + }, + { + "version_value": "1.9.20", + "version_affected": "=" + }, + { + "version_value": "1.9.21", + "version_affected": "=" + }, + { + "version_value": "1.9.22", + "version_affected": "=" + }, + { + "version_value": "1.9.23", + "version_affected": "=" + }, + { + "version_value": "1.9.24", + "version_affected": "=" + }, + { + "version_value": "1.9.25", + "version_affected": "=" + }, + { + "version_value": "1.9.26", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/slackero/phpwcms/releases/tag/v1.9.27", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/releases/tag/v1.9.27" + }, + { + "url": "https://vuldb.com/?id.217418", + "refsource": "MISC", + "name": "https://vuldb.com/?id.217418" + }, + { + "url": "https://vuldb.com/?ctiid.217418", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.217418" + }, + { + "url": "https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d", + "refsource": "MISC", + "name": "https://github.com/slackero/phpwcms/commit/77dafb6a8cc1015f0777daeb5792f43beef77a9d" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "VulDB GitHub Commit Analyzer" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/1xxx/CVE-2022-1101.json b/2022/1xxx/CVE-2022-1101.json index 7409570f51a..512b60ac9d5 100644 --- a/2022/1xxx/CVE-2022-1101.json +++ b/2022/1xxx/CVE-2022-1101.json @@ -1,17 +1,100 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1101", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in SourceCodester Royale Event Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /royal_event/userregister.php. Durch das Manipulieren mit unbekannten Daten kann eine improper authentication-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Royale Event Management System", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195785", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195785" + }, + { + "url": "https://vuldb.com/?ctiid.195785", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.195785" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mrempy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseSeverity": "HIGH" } ] } diff --git a/2022/1xxx/CVE-2022-1102.json b/2022/1xxx/CVE-2022-1102.json index 2acafbf92db..3eaa5e21d96 100644 --- a/2022/1xxx/CVE-2022-1102.json +++ b/2022/1xxx/CVE-2022-1102.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1102", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in SourceCodester Royale Event Management System 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /royal_event/companyprofile.php. Durch Manipulieren des Arguments companyname/regno/companyaddress/companyemail mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Royale Event Management System", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.195786", + "refsource": "MISC", + "name": "https://vuldb.com/?id.195786" + }, + { + "url": "https://vuldb.com/?ctiid.195786", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.195786" + }, + { + "url": "https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html?", + "refsource": "MISC", + "name": "https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html?" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "mrempy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseSeverity": "MEDIUM" } ] } diff --git a/2022/2xxx/CVE-2022-2666.json b/2022/2xxx/CVE-2022-2666.json index a852c633ea7..7915e52210d 100644 --- a/2022/2xxx/CVE-2022-2666.json +++ b/2022/2xxx/CVE-2022-2666.json @@ -1,17 +1,105 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In SourceCodester Loan Management System wurde eine kritische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei login.php. Mittels Manipulieren des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Loan Management System", + "version": { + "version_data": [ + { + "version_value": "n/a", + "version_affected": "=" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/cxaqhq/Loan-Management-System-Sqlinjection", + "refsource": "MISC", + "name": "https://github.com/cxaqhq/Loan-Management-System-Sqlinjection" + }, + { + "url": "https://vuldb.com/?id.205618", + "refsource": "MISC", + "name": "https://vuldb.com/?id.205618" + }, + { + "url": "https://vuldb.com/?ctiid.205618", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.205618" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "cxaqhq (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" } ] }