diff --git a/2023/39xxx/CVE-2023-39784.json b/2023/39xxx/CVE-2023-39784.json
index cd5ba16ffff..7673af1d864 100644
--- a/2023/39xxx/CVE-2023-39784.json
+++ b/2023/39xxx/CVE-2023-39784.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39784",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39784",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://tenda.com",
+ "refsource": "MISC",
+ "name": "http://tenda.com"
+ },
+ {
+ "url": "https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4",
+ "refsource": "MISC",
+ "name": "https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39785.json b/2023/39xxx/CVE-2023-39785.json
index 653eb3c3a46..017a1e589d2 100644
--- a/2023/39xxx/CVE-2023-39785.json
+++ b/2023/39xxx/CVE-2023-39785.json
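Review bot: The `affects` block added in this hunk leaves `vendor_name`, `product_name` and `version_value` at `n/a`, and `problemtype` is `n/a` as well, although the new description names Tenda AC8V4 V16.03.34.06 and a stack overflow. Tooling that matches assets or filters by weakness on the structured fields will not find this record, because only the free text carries the information. I would set `"vendor_name": "Tenda"`, `"product_name": "AC8V4"` and `"version_value": "V16.03.34.06"`, and replace the problemtype value with the matching CWE entry once it is confirmed from the reference. The hunks for CVE-2023-39785, CVE-2023-39786 and CVE-2023-39807 to CVE-2023-39809 have the same gap.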
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39785",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39785",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://tenda.com",
+ "refsource": "MISC",
+ "name": "http://tenda.com"
+ },
+ {
+ "url": "https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/2",
+ "refsource": "MISC",
+ "name": "https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/2"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39786.json b/2023/39xxx/CVE-2023-39786.json
index d4ac03f0b61..8d01dfd21c2 100644
--- a/2023/39xxx/CVE-2023-39786.json
+++ b/2023/39xxx/CVE-2023-39786.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39786",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39786",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://tenda.com",
+ "refsource": "MISC",
+ "name": "http://tenda.com"
+ },
+ {
+ "url": "https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/3",
+ "refsource": "MISC",
+ "name": "https://github.com/Xunflash/IOT/tree/main/Tenda_AC8_V4/3"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39807.json b/2023/39xxx/CVE-2023-39807.json
index b8801e95f34..24c38404dbd 100644
--- a/2023/39xxx/CVE-2023-39807.json
+++ b/2023/39xxx/CVE-2023-39807.json
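Review bot: The new description attributes the overflow to `the sscanf function`, which is a C library routine rather than a firmware handler, so the record does not say which request handler is affected. The two sibling records in this commit name theirs (`save_virtualser_data`, `set_qosMib_list`). Naming the calling handler here, taken from the linked write-up, would let defenders tell the three Tenda AC8V4 issues apart when checking for fixes.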
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39807",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39807",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ibsg.com",
+ "refsource": "MISC",
+ "name": "http://ibsg.com"
+ },
+ {
+ "url": "http://nvkinter.com",
+ "refsource": "MISC",
+ "name": "http://nvkinter.com"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39808.json b/2023/39xxx/CVE-2023-39808.json
index 3fbfe3951e5..9e9d78b006c 100644
--- a/2023/39xxx/CVE-2023-39808.json
+++ b/2023/39xxx/CVE-2023-39808.json
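Review bot: Both entries added to `reference_data` are vendor home pages served over plain `http://` (`http://ibsg.com`, `http://nvkinter.com`), and neither points to an advisory or write-up that supports the SQL injection claim in the description. A reader cannot confirm the affected endpoint or find remediation guidance from this record. I would add a reference to the disclosure itself, e.g. an entry with `"url": "<ADVISORY_URL_PLACEHOLDER>"`, and keep the home pages only as secondary links. The hunks for CVE-2023-39808 and CVE-2023-39809 carry the same two references.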
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39808",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39808",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ibsg.com",
+ "refsource": "MISC",
+ "name": "http://ibsg.com"
+ },
+ {
+ "url": "http://nvkinter.com",
+ "refsource": "MISC",
+ "name": "http://nvkinter.com"
 }
 ]
 }
diff --git a/2023/39xxx/CVE-2023-39809.json b/2023/39xxx/CVE-2023-39809.json
index 2049b55fd4b..1ab51487e2a 100644
--- a/2023/39xxx/CVE-2023-39809.json
+++ b/2023/39xxx/CVE-2023-39809.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-39809",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-39809",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://ibsg.com",
+ "refsource": "MISC",
+ "name": "http://ibsg.com"
+ },
+ {
+ "url": "http://nvkinter.com",
+ "refsource": "MISC",
+ "name": "http://nvkinter.com"
 }
 ]
 }
diff --git a/2023/40xxx/CVE-2023-40252.json b/2023/40xxx/CVE-2023-40252.json
index ae2d6af03e3..ad3cf41a02d 100644
--- a/2023/40xxx/CVE-2023-40252.json
+++ b/2023/40xxx/CVE-2023-40252.json
@@ -170,14 +170,14 @@
 "attackComplexity": "LOW",
 "attackVector": "LOCAL",
 "availabilityImpact": "HIGH",
- "baseScore": 7.7,
+ "baseScore": 8.2,
 "baseSeverity": "HIGH",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "privilegesRequired": "HIGH",
 "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
 "version": "3.1"
 }
 ]
diff --git a/2023/40xxx/CVE-2023-40253.json b/2023/40xxx/CVE-2023-40253.json
index e367e1d0081..9723467b2ae 100644
--- a/2023/40xxx/CVE-2023-40253.json
+++ b/2023/40xxx/CVE-2023-40253.json
@@ -170,14 +170,14 @@
 "attackComplexity": "LOW",
 "attackVector": "LOCAL",
 "availabilityImpact": "HIGH",
- "baseScore": 7.7,
+ "baseScore": 8.2,
 "baseSeverity": "HIGH",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "privilegesRequired": "HIGH",
 "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
 "version": "3.1"
 }
 ]
diff --git a/2023/40xxx/CVE-2023-40254.json b/2023/40xxx/CVE-2023-40254.json
index b029037ab91..ceaf2da693d 100644
--- a/2023/40xxx/CVE-2023-40254.json
+++ b/2023/40xxx/CVE-2023-40254.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
+ "value": "Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.\n\n"
 }
 ]
 },
@@ -21,8 +21,8 @@
 "description": [
 {
 "lang": "eng",
- "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')",
- "cweId": "CWE-94"
+ "value": "CWE-494 Download of Code Without Integrity Check",
+ "cweId": "CWE-494"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4443.json b/2023/4xxx/CVE-2023-4443.json
index c5aab12dde3..c93ae3e5aeb 100644
--- a/2023/4xxx/CVE-2023-4443.json
+++ b/2023/4xxx/CVE-2023-4443.json
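Review bot: The rewritten description in the first hunk still runs two sentences together at `Malicious Software Update.This issue affects` and still ends in a literal `\n\n`; both carry over unchanged from the removed line. A space after the period and dropping the trailing newlines would keep the text clean for feeds and scanners that display the value verbatim.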
@@ -1,17 +1,109 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4443",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\\doctor\\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei vm\\doctor\\edit-doc.php. Durch Manipulieren des Arguments id00/nic/oldemail/email/spec/Tele mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Free Hospital Management System for Small Practices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "5.0.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.237564",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.237564"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.237564",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.237564"
+ },
+ {
+ "url": "https://github.com/CookedMelon/cve/tree/master/hospital/doctor-edit",
+ "refsource": "MISC",
+ "name": "https://github.com/CookedMelon/cve/tree/master/hospital/doctor-edit"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "CookedMelon (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4444.json b/2023/4xxx/CVE-2023-4444.json
index b122ccd6889..33c2341f082 100644
--- a/2023/4xxx/CVE-2023-4444.json
+++ b/2023/4xxx/CVE-2023-4444.json
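Review bot: The new description says the issue is `classified as critical`, while every entry added under `impact.cvss` carries `"baseSeverity": "MEDIUM"` (6.3, 6.3 and 6.5). Consumers that triage on the prose and consumers that triage on the score will rank this record differently, so the wording should follow the score or the difference should be explained in the text. Separately, `credits` uses `"lang": "en"` while the description entries use `eng` and `deu`; `"lang": "eng"` would be consistent. The hunks for CVE-2023-4444, CVE-2023-4445 and CVE-2023-4446 repeat both points.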
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4444",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\\patient\\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237565 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Free Hospital Management System for Small Practices 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei vm\\patient\\edit-user.php. Durch das Beeinflussen des Arguments id00/nic/oldemail/email/spec/Tele mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Free Hospital Management System for Small Practices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.237565",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.237565"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.237565",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.237565"
+ },
+ {
+ "url": "https://github.com/CookedMelon/cve/tree/master/hospital/patient-edit",
+ "refsource": "MISC",
+ "name": "https://github.com/CookedMelon/cve/tree/master/hospital/patient-edit"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "CookedMelon (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4445.json b/2023/4xxx/CVE-2023-4445.json
index 5c48ad50f2d..cbb03162ed9 100644
--- a/2023/4xxx/CVE-2023-4445.json
+++ b/2023/4xxx/CVE-2023-4445.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4445",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237566 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in Mini-Tmall bis 20230811 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei product/1/1?test=1&test2=2&. Durch Beeinflussen des Arguments orderBy mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mini-Tmall",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "20230811"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.237566",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.237566"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.237566",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.237566"
+ },
+ {
+ "url": "https://github.com/FFR66/Mini-Tmall_SQL/blob/main/README.md",
+ "refsource": "MISC",
+ "name": "https://github.com/FFR66/Mini-Tmall_SQL/blob/main/README.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "fkalis (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4446.json b/2023/4xxx/CVE-2023-4446.json
index 31ce3252ab5..e1b8451e669 100644
--- a/2023/4xxx/CVE-2023-4446.json
+++ b/2023/4xxx/CVE-2023-4446.json
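Review bot: The description says Mini-Tmall is affected `up to 20230811`, but the added `version_data` holds a single entry with `"version_affected": "="` and `"version_value": "20230811"`, so earlier builds are not covered by the structured data. If the range in the text is intended, `"version_affected": "<="` expresses it and keeps version matching in line with the prose. `vendor_name` is also left at `n/a` for this product.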
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-4446",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, was found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file template/default/category.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237567."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in OpenRapid RapidCMS 1.3.1 gefunden. Es geht dabei um eine nicht klar definierte Funktion der Datei template/default/category.php. Dank der Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenRapid",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "RapidCMS",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.3.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.237567",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.237567"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.237567",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.237567"
+ },
+ {
+ "url": "https://github.com/OpenRapid/rapidcms/issues/3",
+ "refsource": "MISC",
+ "name": "https://github.com/OpenRapid/rapidcms/issues/3"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "TXPH (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 5.5,
+ "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 5.2,
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
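Review bot: All three vectors added under `impact.cvss` use `AV:A` (adjacent network), and the English description, unlike the sibling VulDB records in this commit, has no sentence on where the attack can be launched from. For a page such as `template/default/category.php` an adjacent-only rating looks unusual, though nothing in this hunk settles it. Confirming the vector against the linked issue and stating the attack vector in the description would remove the doubt for anyone prioritising on the score.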