"-Synchronized-Data."

CVE Team 2024-08-29 13:00:35 +00:00
parent c6033ea02a
commit 137adc6209
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 652 additions and 31 deletions


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "averta",
"product": {
"product_data": [
{
"product_name": "Premium Portfolio Features for Phlox theme",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "2.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4475cbd4-07cf-499a-a11a-b63eb9184568?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4475cbd4-07cf-499a-a11a-b63eb9184568?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/auxin-portfolio/trunk/includes/elements/recent-portfolios.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/auxin-portfolio/trunk/includes/elements/recent-portfolios.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Lucio S\u00e1"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
}
]
}
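Review bot: The second reference added for CVE-2024-1384 points at `trunk` (`.../browser/auxin-portfolio/trunk/includes/elements/recent-portfolios.php`), which shows whatever the file looks like at read time rather than the code that was vulnerable up to 2.3.3. A defender confirming the flaw or diffing the fix is better served by a reference pinned to a release or changeset, for example `.../browser/auxin-portfolio/tags/<AFFECTED_VERSION>/includes/elements/recent-portfolios.php` (placeholder, not a verified URL). The record also carries no fixed version, so patch status has to be taken from the Wordfence advisory. The same unpinned `trunk` reference appears in the CVE-2024-2541 section (`popup-builder/trunk/com/libs/Importer.php`).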


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nDell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.\n\n"
"value": "Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner."
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": " 5.3 SP2"
"version_value": "5.3 SP2"
},
{
"version_affected": "=",
@ -62,6 +62,10 @@
{
"version_affected": "=",
"version_value": "5.3 SP3 P2"
},
{
"version_affected": "=",
"version_value": "6.0.SP1"
}
]
}
@ -78,6 +82,11 @@
"url": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
},
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
}
]
},
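Review bot: The added `"version_value": "6.0.SP1"` entry is spelled with a dot before the service pack, while the neighbouring entries in this `version_data` array use a space (`"5.3 SP2"`, `"5.3 SP3 P2"`). These entries use `"version_affected": "="`, so scanner or inventory matching is presumably an exact string comparison, and this same section already had to strip a stray leading space from `" 5.3 SP2"`. Which spelling the vendor uses is not visible here; it should be confirmed against DSA-2024-369 and normalised to one form, e.g. `"version_value": "6.0 SP1"` if that matches. The next file section (the OS command injection record) adds the identical entry, and in both cases the enclosing record starts and ends outside the hunks.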


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\nDell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote\nattacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.\n\n"
"value": "Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise."
}
]
},
@ -62,6 +62,10 @@
{
"version_affected": "=",
"version_value": "5.3 SP3 P2"
},
{
"version_affected": "=",
"version_value": "6.0.SP1"
}
]
}
@ -78,6 +82,11 @@
"url": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
},
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities",
"refsource": "MISC",
"name": "https://www.dell.com/support/kbdoc/en-us/000228154/dsa-2024-369-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities"
}
]
},


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-2541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Popup Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the Subscribers Import feature. This makes it possible for unauthenticated attackers to extract sensitive data after an administrator has imported subscribers via a CSV file. This data may include the first name, last name, e-mail address, and potentially other personally identifiable information of subscribers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "popupbuilder",
"product": {
"product_data": [
{
"product_name": "Popup Builder \u2013 Create highly converting, mobile friendly marketing popups.",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "4.3.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/086cd6a0-adb6-4e12-b34c-630297f036f3?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/086cd6a0-adb6-4e12-b34c-630297f036f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/popup-builder/trunk/com/libs/Importer.php",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/popup-builder/trunk/com/libs/Importer.php"
}
]
},
"credits": [
{
"lang": "en",
"value": "Tim Coen"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}
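Review bot: `"cweId": "CWE-200"` is a class-level weakness that MITRE's CWE mapping guidance marks as discouraged for root-cause mapping, so it tells a defender what leaked but not why. The description suggests the imported CSV data stays reachable without authentication, which may fit a more specific entry, but the root cause cannot be determined from this record and should be confirmed with the CNA advisory. `PR:N` in the vector also holds only after an administrator has run an import, a precondition the CVSS string does not express. The CVE-2024-3679 section uses the same `CWE-200` mapping.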


@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3679",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Premium SEO Pack \u2013 WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password protected posts through the social meta data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "calinvingan",
"product": {
"product_data": [
{
"product_name": "Premium SEO Pack \u2013 WP SEO Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.6.001"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ccb65de5-bfb5-47db-87c9-ad46e65924b8?source=cve"
},
{
"url": "https://wordpress.org/plugins/premium-seo-pack/",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/premium-seo-pack/"
}
]
},
"credits": [
{
"lang": "en",
"value": "Krzysztof Zaj\u0105c"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
]
}


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in FeehiCMS up to 2.1.1 and classified as critical. This vulnerability affects the function createBanner of the file /admin/index.php?r=banner%2Fbanner-create. The manipulation of the argument BannerForm[img] leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In FeehiCMS bis 2.1.1 wurde eine kritische Schwachstelle gefunden. Es geht um die Funktion createBanner der Datei /admin/index.php?r=banner%2Fbanner-create. Durch die Manipulation des Arguments BannerForm[img] mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FeehiCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.276070",
"refsource": "MISC",
"name": "https://vuldb.com/?id.276070"
},
{
"url": "https://vuldb.com/?ctiid.276070",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.276070"
},
{
"url": "https://vuldb.com/?submit.394560",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.394560"
},
{
"url": "https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/file_upload2/Fichkems%20banner%20file%20upload%20vulnerability.md",
"refsource": "MISC",
"name": "https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/file_upload2/Fichkems%20banner%20file%20upload%20vulnerability.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "0kooo (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}
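Review bot: The `version_data` array lists only `2.1.0` and `2.1.1` with `"version_affected": "="`, while the description says FeehiCMS "up to 2.1.1" is affected, so a consumer that matches on the structured data will treat earlier releases as unaffected. A range entry in the form the Wordfence records in this commit use, `"version_affected": "<="` with `"version_value": "2.1.1"`, would carry the same meaning as the prose. The description's "classified as critical" also disagrees with `"baseSeverity": "MEDIUM"` (6.3), so triage should key on the CVSS fields rather than the text. CVE-2024-8296 has the same two-version list, and CVE-2024-8301 pins a single commit hash with `=` although its description also says "up to".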


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in FeehiCMS up to 2.1.1 and classified as critical. This issue affects the function insert of the file /admin/index.php?r=user%2Fcreate. The manipulation of the argument User[avatar] leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in FeehiCMS bis 2.1.1 gefunden. Es geht hierbei um die Funktion insert der Datei /admin/index.php?r=user%2Fcreate. Durch Manipulation des Arguments User[avatar] mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "FeehiCMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.1.0"
},
{
"version_affected": "=",
"version_value": "2.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.276071",
"refsource": "MISC",
"name": "https://vuldb.com/?id.276071"
},
{
"url": "https://vuldb.com/?ctiid.276071",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.276071"
},
{
"url": "https://vuldb.com/?submit.394568",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.394568"
},
{
"url": "https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/file_upload3/Fichkems%20user%20file%20upload%20vulnerability.md",
"refsource": "MISC",
"name": "https://gitee.com/A0kooo/cve_article/blob/master/feehi_cms/file_upload3/Fichkems%20user%20file%20upload%20vulnerability.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "0kooo (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}


@ -1,17 +1,114 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8297",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token_middleware.go. The manipulation of the argument Authorization leads to improper output neutralization for logs. It is possible to launch the attack remotely. The name of the patch is 81b3336b4c9240f0bf50c13cb8375cf860d945f1. It is recommended to apply a patch to fix this issue."
},
{
"lang": "deu",
"value": "Es wurde eine problematische Schwachstelle in kitsada8621 Digital Library Management System 1.0 ausgemacht. Es geht dabei um die Funktion JwtRefreshAuth der Datei middleware/jwt_refresh_token_middleware.go. Mittels dem Manipulieren des Arguments Authorization mit unbekannten Daten kann eine improper output neutralization for logs-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Patch wird als 81b3336b4c9240f0bf50c13cb8375cf860d945f1 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-117 Improper Output Neutralization for Logs",
"cweId": "CWE-117"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kitsada8621",
"product": {
"product_data": [
{
"product_name": "Digital Library Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.276072",
"refsource": "MISC",
"name": "https://vuldb.com/?id.276072"
},
{
"url": "https://vuldb.com/?ctiid.276072",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.276072"
},
{
"url": "https://vuldb.com/?submit.394613",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.394613"
},
{
"url": "https://github.com/kitsada8621/Digital-Library-Management-System/issues/1",
"refsource": "MISC",
"name": "https://github.com/kitsada8621/Digital-Library-Management-System/issues/1"
},
{
"url": "https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336b4c9240f0bf50c13cb8375cf860d945f1",
"refsource": "MISC",
"name": "https://github.com/kitsada8621/Digital-Library-Management-System/commit/81b3336b4c9240f0bf50c13cb8375cf860d945f1"
}
]
},
"credits": [
{
"lang": "en",
"value": "zihe (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 5.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 5.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
}
]
}


@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8301",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax/checkin.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In dingfanzu CMS bis 29d67d9044f6f93378e6eb6ff92272217ff7225c wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /ajax/checkin.php. Mittels Manipulieren des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt setzt Rolling Releases ein. Aus diesem Grund sind Details zu betroffenen oder zu aktualisierende Versionen nicht verf\u00fcgbar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dingfanzu",
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "29d67d9044f6f93378e6eb6ff92272217ff7225c"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.276073",
"refsource": "MISC",
"name": "https://vuldb.com/?id.276073"
},
{
"url": "https://vuldb.com/?ctiid.276073",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.276073"
},
{
"url": "https://vuldb.com/?submit.396294",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.396294"
},
{
"url": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20checkin.php%20username%20SQL-inject.md",
"refsource": "MISC",
"name": "https://github.com/Xor-Gerke/webray.com.cn/blob/main/cve/dingfanzu-CMS/dingfanzu-CMS%20checkin.php%20username%20SQL-inject.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "fjjwebray.com.cn (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-8307",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}