From 34fb3ae857c74bf8b4e7c3fcfa0bc47532b381a7 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 18 Apr 2025 22:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2025/25xxx/CVE-2025-25427.json | 11 +++- 2025/3xxx/CVE-2025-3796.json | 114 +++++++++++++++++++++++++++++++-- 2025/3xxx/CVE-2025-3815.json | 18 ++++++ 2025/43xxx/CVE-2025-43903.json | 62 ++++++++++++++++++ 4 files changed, 198 insertions(+), 7 deletions(-) create mode 100644 2025/3xxx/CVE-2025-3815.json create mode 100644 2025/43xxx/CVE-2025-43903.json diff --git a/2025/25xxx/CVE-2025-25427.json b/2025/25xxx/CVE-2025-25427.json index 56da131917a..f6855a056ca 100644 --- a/2025/25xxx/CVE-2025-25427.json +++ b/2025/25xxx/CVE-2025-25427.json @@ -11,7 +11,7 @@ "description_data": [ { "lang": "eng", - "value": "A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N v14 <= Build 231119 Rel.67074n allows remote attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded." + "value": "A Stored cross-site scripting (XSS) vulnerability in upnp page of the web Interface in TP-Link WR841N v14/v14.6/v14.8 <= Build 231119 Rel.67074n allows adjacent attackers to inject arbitrary JavaScript code via the port mapping description. This leads to an execution of the JavaScript payload when the upnp page is loaded." } ] }, @@ -32,11 +32,11 @@ "vendor": { "vendor_data": [ { - "vendor_name": "TP-Link", + "vendor_name": "TP-Link Systems Inc.", "product": { "product_data": [ { - "product_name": "TL-WR841N v14", + "product_name": "TL-WR841N v14/v14.6/v14.8", "version": { "version_data": [ { @@ -64,6 +64,11 @@ "url": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware", "refsource": "MISC", "name": "https://www.tp-link.com/en/support/download/tl-wr841n/#Firmware" + }, + { + "url": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware", + "refsource": "MISC", + "name": "https://www.tp-link.com/us/support/download/tl-wr841n/#Firmware" } ] }, diff --git a/2025/3xxx/CVE-2025-3796.json b/2025/3xxx/CVE-2025-3796.json index 0214c7bc71a..94e82bc08af 100644 --- a/2025/3xxx/CVE-2025-3796.json +++ b/2025/3xxx/CVE-2025-3796.json @@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-3796", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in PHPGurukul Men Salon Management System 1.0. This affects an unknown part of the file /admin/contact-us.php. The manipulation of the argument pagetitle/pagedes/email/mobnumber/timing leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in PHPGurukul Men Salon Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei /admin/contact-us.php. Durch die Manipulation des Arguments pagetitle/pagedes/email/mobnumber/timing mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Men Salon Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.305649", + "refsource": "MISC", + "name": "https://vuldb.com/?id.305649" + }, + { + "url": "https://vuldb.com/?ctiid.305649", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.305649" + }, + { + "url": "https://vuldb.com/?submit.554659", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.554659" + }, + { + "url": "https://github.com/yaklang/IRifyScanResult/blob/main/Men-Salon-Management-System/sql_inject_in_contact_us.md", + "refsource": "MISC", + "name": "https://github.com/yaklang/IRifyScanResult/blob/main/Men-Salon-Management-System/sql_inject_in_contact_us.md" + }, + { + "url": "https://phpgurukul.com/", + "refsource": "MISC", + "name": "https://phpgurukul.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "1098024193 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2025/3xxx/CVE-2025-3815.json b/2025/3xxx/CVE-2025-3815.json new file mode 100644 index 00000000000..38e48a83a8b --- /dev/null +++ b/2025/3xxx/CVE-2025-3815.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2025-3815", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2025/43xxx/CVE-2025-43903.json b/2025/43xxx/CVE-2025-43903.json new file mode 100644 index 00000000000..143f76633f5 --- /dev/null +++ b/2025/43xxx/CVE-2025-43903.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2025-43903", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1b9c830f145a0042e853d6462b2f9ca4016c669" + } + ] + } +} \ No newline at end of file