From 26c2a78014c787f4ec1e55d0f872c4eb61764ca6 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 21 Dec 2023 16:00:33 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/42xxx/CVE-2023-42792.json | 5 ++
2023/45xxx/CVE-2023-45115.json | 83 ++++++++++++++++++++-
2023/45xxx/CVE-2023-45116.json | 83 ++++++++++++++++++++-
2023/45xxx/CVE-2023-45117.json | 83 ++++++++++++++++++++-
2023/45xxx/CVE-2023-45118.json | 83 ++++++++++++++++++++-
2023/45xxx/CVE-2023-45498.json | 5 ++
2023/45xxx/CVE-2023-45499.json | 5 ++
2023/47xxx/CVE-2023-47265.json | 5 ++
2023/48xxx/CVE-2023-48114.json | 7 +-
2023/48xxx/CVE-2023-48115.json | 7 +-
2023/48xxx/CVE-2023-48116.json | 7 +-
2023/48xxx/CVE-2023-48291.json | 5 ++
2023/49xxx/CVE-2023-49920.json | 5 ++
2023/4xxx/CVE-2023-4911.json | 5 ++
2023/50xxx/CVE-2023-50783.json | 5 ++
2023/51xxx/CVE-2023-51048.json | 56 ++++++++++++--
2023/51xxx/CVE-2023-51049.json | 56 ++++++++++++--
2023/51xxx/CVE-2023-51050.json | 56 ++++++++++++--
2023/51xxx/CVE-2023-51051.json | 56 ++++++++++++--
2023/51xxx/CVE-2023-51052.json | 56 ++++++++++++--
2023/51xxx/CVE-2023-51656.json | 5 ++
2023/51xxx/CVE-2023-51686.json | 18 +++++
2023/7xxx/CVE-2023-7036.json | 131 ++++++++++++++++++++++++++++++++-
2023/7xxx/CVE-2023-7048.json | 18 +++++
2023/7xxx/CVE-2023-7049.json | 18 +++++
25 files changed, 810 insertions(+), 53 deletions(-)
create mode 100644 2023/51xxx/CVE-2023-51686.json
create mode 100644 2023/7xxx/CVE-2023-7048.json
create mode 100644 2023/7xxx/CVE-2023-7049.json
diff --git a/2023/42xxx/CVE-2023-42792.json b/2023/42xxx/CVE-2023-42792.json
index 15d608708f8..868843f60f8 100644
--- a/2023/42xxx/CVE-2023-42792.json
+++ b/2023/42xxx/CVE-2023-42792.json
@@ -64,6 +64,11 @@ "url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", "refsource": "MISC", "name": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/21/1" } ] }, diff --git a/2023/45xxx/CVE-2023-45115.json b/2023/45xxx/CVE-2023-45115.json index 83d4d56ca89..dabb04d5879 100644 --- a/2023/45xxx/CVE-2023-45115.json +++ b/2023/45xxx/CVE-2023-45115.json 
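Review bot: The reference appended to `reference_data` for CVE-2023-42792 is a cleartext `http://` link, so any tool that follows references fetches the oss-security post over a channel that can be altered in transit. Assuming the host serves the same path over TLS, `"url": "https://www.openwall.com/lists/oss-security/2023/12/21/1"` (with the same string in `name`) is the safer form. The same applies to the openwall.com references added to CVE-2023-47265, CVE-2023-48291, CVE-2023-49920, CVE-2023-50783 and CVE-2023-51656, and to the packetstormsecurity.com references added to CVE-2023-45498, CVE-2023-45499 and CVE-2023-4911. The `reference_data` array begins outside the hunk, so the earlier entries cannot be checked from here.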
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'ch' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Projectworlds Pvt. 
Limited", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/argerich/" + }, + { + "url": "https://projectworlds.in/", + "refsource": "MISC", + "name": "https://projectworlds.in/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45116.json b/2023/45xxx/CVE-2023-45116.json index 0ab2c4d8b8a..744be843ca9 100644 --- a/2023/45xxx/CVE-2023-45116.json +++ b/2023/45xxx/CVE-2023-45116.json 
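Review bot: The description of CVE-2023-45115 calls the flaw an "Authenticated SQL Injection", but the `impact.cvss` entry in the same record sets `"privilegesRequired": "NONE"` and `PR:N` in `vectorString`, which is what yields the 9.8 CRITICAL rating. One of the two is wrong: if a login is needed, the entry should carry `"privilegesRequired": "LOW"` and `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` with `baseScore` and `baseSeverity` recomputed, and if not, "Authenticated" should be dropped from the description. CVE-2023-45116, CVE-2023-45117 and CVE-2023-45118 repeat the same wording and the same vector, so triage that keys on the score will over-prioritise all four until this is settled. The description value also ends in `\n\n` and contains `\u00a0`, which is worth normalising before consumers index or diff the text.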
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'demail' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Projectworlds Pvt. 
Limited", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/argerich/" + }, + { + "url": "https://projectworlds.in/", + "refsource": "MISC", + "name": "https://projectworlds.in/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45117.json b/2023/45xxx/CVE-2023-45117.json index d4925c6fa79..7581a8cf3d9 100644 --- a/2023/45xxx/CVE-2023-45117.json +++ b/2023/45xxx/CVE-2023-45117.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'eid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Projectworlds Pvt. 
Limited", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/argerich/" + }, + { + "url": "https://projectworlds.in/", + "refsource": "MISC", + "name": "https://projectworlds.in/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45118.json b/2023/45xxx/CVE-2023-45118.json index c12d20b9c0b..b8258366ed9 100644 --- a/2023/45xxx/CVE-2023-45118.json +++ b/2023/45xxx/CVE-2023-45118.json 
@@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-45118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities.\u00a0The 'fdid' parameter of the update.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Projectworlds Pvt. 
Limited", + "product": { + "product_data": [ + { + "product_name": "Online Examination System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/argerich/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/argerich/" + }, + { + "url": "https://projectworlds.in/", + "refsource": "MISC", + "name": "https://projectworlds.in/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/45xxx/CVE-2023-45498.json b/2023/45xxx/CVE-2023-45498.json index aa9c732c3c5..64ab86245d3 100644 --- a/2023/45xxx/CVE-2023-45498.json +++ b/2023/45xxx/CVE-2023-45498.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html" } ] } diff --git a/2023/45xxx/CVE-2023-45499.json b/2023/45xxx/CVE-2023-45499.json index e5e1b5df980..bc09f1d285c 100644 --- a/2023/45xxx/CVE-2023-45499.json +++ b/2023/45xxx/CVE-2023-45499.json 
@@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/175397/VinChin-VMWare-Backup-7.0-Hardcoded-Credential-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/176289/Vinchin-Backup-And-Recovery-Command-Injection.html" } ] } diff --git a/2023/47xxx/CVE-2023-47265.json b/2023/47xxx/CVE-2023-47265.json index 0d4a5b5e83d..0c254d9b69e 100644 --- a/2023/47xxx/CVE-2023-47265.json +++ b/2023/47xxx/CVE-2023-47265.json @@ -64,6 +64,11 @@ "url": "https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr", "refsource": "MISC", "name": "https://lists.apache.org/thread/128f3zl375vb1qv93k82zhnwkpl233pr" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/21/2" } ] }, diff --git a/2023/48xxx/CVE-2023-48114.json b/2023/48xxx/CVE-2023-48114.json index c290f679fc5..7989ba22554 100644 --- a/2023/48xxx/CVE-2023-48114.json +++ b/2023/48xxx/CVE-2023-48114.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "SmarterTools SmarterMail 16.x 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name." + "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs because the application tries to allow youtube.com URLs, but actually allows youtube.com followed by an @ character and an attacker-controlled domain name." } ] }, 
@@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, { "refsource": "MISC", "name": "https://co3us.gitbook.io/write-ups/stored-xss-in-email-body-of-smartermail-cve-2023-48114", diff --git a/2023/48xxx/CVE-2023-48115.json b/2023/48xxx/CVE-2023-48115.json index 66fcba488ac..467b9e9d37e 100644 --- a/2023/48xxx/CVE-2023-48115.json +++ b/2023/48xxx/CVE-2023-48115.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "SmarterTools SmarterMail 16.x 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request." + "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request." } ] }, @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, { "refsource": "MISC", "name": "https://co3us.gitbook.io/write-ups/stored-dom-xss-in-email-body-of-smartermail", diff --git a/2023/48xxx/CVE-2023-48116.json b/2023/48xxx/CVE-2023-48116.json index 401a28b000d..6b495db4693 100644 --- a/2023/48xxx/CVE-2023-48116.json +++ b/2023/48xxx/CVE-2023-48116.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "SmarterTools SmarterMail 16.x 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment." + "value": "SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment." } ] }, 
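Review bot: The reference inserted at the top of `reference_data` for CVE-2023-48114, `"url": "https://www.smartertools.com/smartermail/release-notes/current"`, looks like a moving page rather than a permalink, so the entry documenting the fix in build 8747 may no longer be on it once newer builds ship. If the vendor offers a per-build or archived release-notes address, use it for both `url` and `name`. The same reference is added to CVE-2023-48115 and CVE-2023-48116. Separately, with "16.x" removed the descriptions read "8495 through 8664 before 8747", which states an upper bound twice; the `affects` block lies outside these hunks, so it cannot be confirmed here that the range is recorded unambiguously in structured form.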
@@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.smartertools.com/smartermail/release-notes/current", + "url": "https://www.smartertools.com/smartermail/release-notes/current" + }, { "refsource": "MISC", "name": "https://co3us.gitbook.io/write-ups/stored-xss-in-calendar-component-of-smartermail-cve-2023-48116", diff --git a/2023/48xxx/CVE-2023-48291.json b/2023/48xxx/CVE-2023-48291.json index c1cba33efb5..4e6a943f7a4 100644 --- a/2023/48xxx/CVE-2023-48291.json +++ b/2023/48xxx/CVE-2023-48291.json @@ -64,6 +64,11 @@ "url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", "refsource": "MISC", "name": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/21/1" } ] }, diff --git a/2023/49xxx/CVE-2023-49920.json b/2023/49xxx/CVE-2023-49920.json index 2d7714fbf70..407d1220cca 100644 --- a/2023/49xxx/CVE-2023-49920.json +++ b/2023/49xxx/CVE-2023-49920.json @@ -64,6 +64,11 @@ "url": "https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq", "refsource": "MISC", "name": "https://lists.apache.org/thread/mnwd2vcfw3gms6ft6kl951vfbqrxsnjq" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/21/3" } ] }, diff --git a/2023/4xxx/CVE-2023-4911.json b/2023/4xxx/CVE-2023-4911.json index 608ae905da5..9541c87897e 100644 --- a/2023/4xxx/CVE-2023-4911.json +++ b/2023/4xxx/CVE-2023-4911.json 
@@ -362,6 +362,11 @@ "url": "https://www.qualys.com/cve-2023-4911/", "refsource": "MISC", "name": "https://www.qualys.com/cve-2023-4911/" + }, + { + "url": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html" } ] }, diff --git a/2023/50xxx/CVE-2023-50783.json b/2023/50xxx/CVE-2023-50783.json index 884e7dcb66f..ec61e1e9447 100644 --- a/2023/50xxx/CVE-2023-50783.json +++ b/2023/50xxx/CVE-2023-50783.json @@ -64,6 +64,11 @@ "url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", "refsource": "MISC", "name": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/21/4" } ] }, diff --git a/2023/51xxx/CVE-2023-51048.json b/2023/51xxx/CVE-2023-51048.json index e4dc254447c..5f0cde0ab94 100644 --- a/2023/51xxx/CVE-2023-51048.json +++ b/2023/51xxx/CVE-2023-51048.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "refsource": "MISC", + "name": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b" } ] } diff --git a/2023/51xxx/CVE-2023-51049.json b/2023/51xxx/CVE-2023-51049.json index ca4d843429b..041c27d839b 100644 --- a/2023/51xxx/CVE-2023-51049.json +++ b/2023/51xxx/CVE-2023-51049.json 
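Review bot: The published CVE-2023-51048 record leaves `affects` and `problemtype` at `n/a` although the description in the same hunk names the product, the version and the weakness class, so consumers that match on product or CWE fields will not surface it. The visible text supports `"product_name": "S-CMS"`, `"version_value": "5.0"` and a problemtype value of `"CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"`, the wording this commit already uses for CVE-2023-45115; the vendor name is not on the page and would stay `n/a` until the assigner supplies it. CVE-2023-51049, CVE-2023-51050, CVE-2023-51051 and CVE-2023-51052 have the same gap. All five records also cite a single notion.so page as their only reference, which its author can edit or remove at any time.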
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "refsource": "MISC", + "name": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b" } ] } diff --git a/2023/51xxx/CVE-2023-51050.json b/2023/51xxx/CVE-2023-51050.json index 9c894865b62..bf3461b81d9 100644 --- a/2023/51xxx/CVE-2023-51050.json +++ b/2023/51xxx/CVE-2023-51050.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51050", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51050", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "refsource": "MISC", + "name": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b" } ] } diff --git a/2023/51xxx/CVE-2023-51051.json b/2023/51xxx/CVE-2023-51051.json index 77e65a60980..b88cbe43c95 100644 --- a/2023/51xxx/CVE-2023-51051.json +++ b/2023/51xxx/CVE-2023-51051.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51051", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51051", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "refsource": "MISC", + "name": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b" } ] } diff --git a/2023/51xxx/CVE-2023-51052.json b/2023/51xxx/CVE-2023-51052.json index dff900af443..fdbca496b77 100644 --- a/2023/51xxx/CVE-2023-51052.json +++ b/2023/51xxx/CVE-2023-51052.json 
@@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-51052", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-51052", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b", + "refsource": "MISC", + "name": "https://www.notion.so/scms5-0-sql-injection-94c791a563d1481a9439fa98a1bc9a1b" } ] } diff --git a/2023/51xxx/CVE-2023-51656.json b/2023/51xxx/CVE-2023-51656.json index f74b360f525..5e6c28a68ca 100644 --- a/2023/51xxx/CVE-2023-51656.json +++ b/2023/51xxx/CVE-2023-51656.json @@ -59,6 +59,11 @@ "url": "https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc", "refsource": "MISC", "name": "https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2023/12/21/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2023/12/21/5" } ] }, 
diff --git a/2023/51xxx/CVE-2023-51686.json b/2023/51xxx/CVE-2023-51686.json new file mode 100644 index 00000000000..39f860d5876 --- /dev/null +++ b/2023/51xxx/CVE-2023-51686.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-51686", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/7xxx/CVE-2023-7036.json b/2023/7xxx/CVE-2023-7036.json index 6294b40bc63..c9c9d7d55e7 100644 --- a/2023/7xxx/CVE-2023-7036.json +++ b/2023/7xxx/CVE-2023-7036.json 
@@ -1,17 +1,140 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-7036", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in automad up to 1.10.9. It has been classified as problematic. This affects the function upload of the file FileCollectionController.php of the component Content Type Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in automad bis 1.10.9 ausgemacht. Sie wurde als problematisch eingestuft. Es betrifft die Funktion upload der Datei FileCollectionController.php der Komponente Content Type Handler. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "automad", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.10.0" + }, + { + "version_affected": "=", + "version_value": "1.10.1" + }, + { + "version_affected": "=", + "version_value": "1.10.2" + }, + { + "version_affected": "=", + "version_value": "1.10.3" + }, + { + "version_affected": "=", + "version_value": "1.10.4" + }, + { + "version_affected": "=", + "version_value": "1.10.5" + }, + { + "version_affected": "=", + "version_value": "1.10.6" + }, + { + "version_affected": "=", + "version_value": "1.10.7" + }, + { + "version_affected": "=", + "version_value": "1.10.8" + }, + { + "version_affected": "=", + "version_value": "1.10.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.248685", + "refsource": "MISC", + "name": "https://vuldb.com/?id.248685" + }, + { + "url": "https://vuldb.com/?ctiid.248685", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.248685" + }, + { + "url": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload", + "refsource": "MISC", + "name": "https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Maland (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.7, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.8, + "vectorString": 
"AV:N/AC:L/Au:M/C:P/I:P/A:P" } ] } diff --git a/2023/7xxx/CVE-2023-7048.json b/2023/7xxx/CVE-2023-7048.json new file mode 100644 index 00000000000..628d22694ef --- /dev/null +++ b/2023/7xxx/CVE-2023-7048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-7048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/7xxx/CVE-2023-7049.json b/2023/7xxx/CVE-2023-7049.json new file mode 100644 index 00000000000..6e1a326777b --- /dev/null +++ b/2023/7xxx/CVE-2023-7049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-7049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file
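Review bot: In CVE-2023-7036 the `credits` entry uses `"lang": "en"` while both `description_data` entries in the same record use three-letter codes (`"eng"`, `"deu"`); `"lang": "eng"` would keep the record consistent for consumers that filter by language. The description says "up to 1.10.9", yet `version_data` enumerates only 1.10.0 to 1.10.9 with `"version_affected": "="`, which leaves releases before 1.10.0 unstated. If those are affected too, a single entry with `"version_affected": "<="` and `"version_value": "1.10.9"` expresses the range and avoids scanners treating older installs as clean. `vendor_name` is also `n/a` even though the product is named.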