diff --git a/2023/51xxx/CVE-2023-51385.json b/2023/51xxx/CVE-2023-51385.json index 933665d5dca..cf6a1d64b38 100644 --- a/2023/51xxx/CVE-2023-51385.json +++ b/2023/51xxx/CVE-2023-51385.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20231226 [SECURITY] [DLA 3694-1] openssh security update", "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20231226 CVE-2023-51385, CVE-2023-6004: OpenSSH, libssh: Security weakness in ProxyCommand handling", + "url": "http://www.openwall.com/lists/oss-security/2023/12/26/4" } ] } diff --git a/2023/52xxx/CVE-2023-52086.json b/2023/52xxx/CVE-2023-52086.json index c2984d381a4..017d6542da6 100644 --- a/2023/52xxx/CVE-2023-52086.json +++ b/2023/52xxx/CVE-2023-52086.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-52086", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-52086", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/dilab/resumable.php/issues/34", + "refsource": "MISC", + "name": "https://github.com/dilab/resumable.php/issues/34" + }, + { + "url": "https://github.com/dilab/resumable.php/pull/39/commits/d3552efd403e2d87407934477eee642836cab3b4", + "refsource": "MISC", + "name": "https://github.com/dilab/resumable.php/pull/39/commits/d3552efd403e2d87407934477eee642836cab3b4" + }, + { + "url": "https://github.com/dilab/resumable.php/pull/27/commits/3e3c94d0302bb399a7611b4738a5a4dd0832a926", + "refsource": "MISC", + "name": "https://github.com/dilab/resumable.php/pull/27/commits/3e3c94d0302bb399a7611b4738a5a4dd0832a926" + }, + { + "url": "https://github.com/dilab/resumable.php/pull/39/commits/408f54dff10e48befa44d417933787232a64304b", + "refsource": "MISC", + "name": "https://github.com/dilab/resumable.php/pull/39/commits/408f54dff10e48befa44d417933787232a64304b" + }, + { + "url": "https://github.com/dilab/resumable.php/commit/3c6dbf5170b01cbb712013c7d0a83f5aac45653b", + "refsource": "MISC", + "name": "https://github.com/dilab/resumable.php/commit/3c6dbf5170b01cbb712013c7d0a83f5aac45653b" } ] } diff --git a/2023/52xxx/CVE-2023-52087.json b/2023/52xxx/CVE-2023-52087.json new file mode 100644 index 00000000000..30041adc37b --- /dev/null +++ b/2023/52xxx/CVE-2023-52087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52088.json b/2023/52xxx/CVE-2023-52088.json new file mode 100644 index 00000000000..b8aa5b09b0c --- /dev/null +++ b/2023/52xxx/CVE-2023-52088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52089.json b/2023/52xxx/CVE-2023-52089.json new file mode 100644 index 00000000000..78a52926b12 --- /dev/null +++ b/2023/52xxx/CVE-2023-52089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52090.json b/2023/52xxx/CVE-2023-52090.json new file mode 100644 index 00000000000..58bffbc9eb9 --- /dev/null +++ b/2023/52xxx/CVE-2023-52090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52091.json b/2023/52xxx/CVE-2023-52091.json new file mode 100644 index 00000000000..a15f521266a --- /dev/null +++ b/2023/52xxx/CVE-2023-52091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52092.json b/2023/52xxx/CVE-2023-52092.json new file mode 100644 index 00000000000..2449e73db9f --- /dev/null +++ b/2023/52xxx/CVE-2023-52092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52093.json b/2023/52xxx/CVE-2023-52093.json new file mode 100644 index 00000000000..a08802e4ad8 --- /dev/null +++ b/2023/52xxx/CVE-2023-52093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52094.json b/2023/52xxx/CVE-2023-52094.json new file mode 100644 index 00000000000..3ac5300d4d8 --- /dev/null +++ b/2023/52xxx/CVE-2023-52094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/52xxx/CVE-2023-52095.json b/2023/52xxx/CVE-2023-52095.json new file mode 100644 index 00000000000..2bfb39f8bd5 --- /dev/null +++ b/2023/52xxx/CVE-2023-52095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-52095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5203.json b/2023/5xxx/CVE-2023-5203.json index 2c6a9b81d5e..d407d29fbf4 100644 --- a/2023/5xxx/CVE-2023-5203.json +++ b/2023/5xxx/CVE-2023-5203.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5203", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated attackers to extract sensitive data from the database via blind time based SQL injection techniques, or in some cases an error/union based technique." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Sessions Time Monitoring Full Automatic", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.0.9" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/7f4f505b-2667-4e0f-9841-9c1cd0831932" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Nicolas Surribas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5644.json b/2023/5xxx/CVE-2023-5644.json index dbafb83ff56..beac4b11992 100644 --- a/2023/5xxx/CVE-2023-5644.json +++ b/2023/5xxx/CVE-2023-5644.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863 Incorrect Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Mail Log", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/08f1d623-0453-4103-a9aa-2d0ddb6eb69e" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "dc11" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5645.json b/2023/5xxx/CVE-2023-5645.json index 25839b43543..3f4dec0ee92 100644 --- a/2023/5xxx/CVE-2023-5645.json +++ b/2023/5xxx/CVE-2023-5645.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Mail Log", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/e392fb53-66e9-4c43-9e4f-f4ea7c561551", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/e392fb53-66e9-4c43-9e4f-f4ea7c561551" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "dc11" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5672.json b/2023/5xxx/CVE-2023-5672.json index d3a677ea06c..c32bf9440b3 100644 --- a/2023/5xxx/CVE-2023-5672.json +++ b/2023/5xxx/CVE-2023-5672.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the contents of arbitrary files." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Mail Log", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/7c1dff5b-bed3-49f8-96cc-1bc9abe78749" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "dc11" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5673.json b/2023/5xxx/CVE-2023-5673.json index 116cc0e533c..4c50bf150e9 100644 --- a/2023/5xxx/CVE-2023-5673.json +++ b/2023/5xxx/CVE-2023-5673.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Mail Log", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/231f72bf-9ad0-417e-b7a0-3555875749e9" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "dc11" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5674.json b/2023/5xxx/CVE-2023-5674.json index 6310b5bb90e..556df384aaa 100644 --- a/2023/5xxx/CVE-2023-5674.json +++ b/2023/5xxx/CVE-2023-5674.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Contributor." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "WP Mail Log", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/32a23d0d-7ece-4870-a99d-f3f344be2d67" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "dc11" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5931.json b/2023/5xxx/CVE-2023-5931.json index a1fdf0e2c88..963a54535a5 100644 --- a/2023/5xxx/CVE-2023-5931.json +++ b/2023/5xxx/CVE-2023-5931.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5931", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload of File with Dangerous Type" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "rtMedia for WordPress, BuddyPress and bbPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.6.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/3d6889e3-a01b-4e7f-868f-af7cc8c7531a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5939.json b/2023/5xxx/CVE-2023-5939.json index df2919df03b..8ead82a1c95 100644 --- a/2023/5xxx/CVE-2023-5939.json +++ b/2023/5xxx/CVE-2023-5939.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5939", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94 Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "rtMedia for WordPress, BuddyPress and bbPress", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.6.16" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/db5d41fc-bcd3-414f-aa99-54d5537007bc" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Alex Sanford" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5980.json b/2023/5xxx/CVE-2023-5980.json index 919b36b54f2..86320c8bced 100644 --- a/2023/5xxx/CVE-2023-5980.json +++ b/2023/5xxx/CVE-2023-5980.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5980", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "BSK Forms Blacklist", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/b621261b-ae18-4853-9ace-7b773810529a", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/b621261b-ae18-4853-9ace-7b773810529a" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Bob Matyas" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/5xxx/CVE-2023-5991.json b/2023/5xxx/CVE-2023-5991.json index 9d974fcef0d..5343bda0590 100644 --- a/2023/5xxx/CVE-2023-5991.json +++ b/2023/5xxx/CVE-2023-5991.json @@ -1,18 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5991", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Hotel Booking Lite", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6114.json b/2023/6xxx/CVE-2023-6114.json index 27710dbeb05..7a0053b124b 100644 --- a/2023/6xxx/CVE-2023-6114.json +++ b/2023/6xxx/CVE-2023-6114.json @@ -1,18 +1,97 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6114", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Duplicator", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.5.7.1" + } + ] + } + }, + { + "product_name": "Duplicator Pro", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "4.5.14.2" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/5c5d41b9-1463-4a9b-862f-e9ee600ef8e1" + }, + { + "url": "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1mpapFCqfZLv__EAM7uivrrl2h55rpi1V/view?usp=sharing" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Dmitrii Ignatyev" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6155.json b/2023/6xxx/CVE-2023-6155.json index 8758896fb47..6e602feec28 100644 --- a/2023/6xxx/CVE-2023-6155.json +++ b/2023/6xxx/CVE-2023-6155.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6155", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses." } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Information Exposure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Quiz Maker", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.4.9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6166.json b/2023/6xxx/CVE-2023-6166.json index 858c2774a33..4851e66409b 100644 --- a/2023/6xxx/CVE-2023-6166.json +++ b/2023/6xxx/CVE-2023-6166.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6166", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "Quiz Maker", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "6.4.9.5" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/e6155d9b-f6bb-4607-ad64-1976a8afe907" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Alex Sanford" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6250.json b/2023/6xxx/CVE-2023-6250.json index 75735d56865..7f6ebddfa80 100644 --- a/2023/6xxx/CVE-2023-6250.json +++ b/2023/6xxx/CVE-2023-6250.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6250", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "BestWebSoft's Like & Share", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "2.74" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/6cad602b-7414-4867-8ae2-f0b846c4c8f0", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/6cad602b-7414-4867-8ae2-f0b846c4c8f0" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6268.json b/2023/6xxx/CVE-2023-6268.json index c8bcbfdbc74..b1363c8b1d4 100644 --- a/2023/6xxx/CVE-2023-6268.json +++ b/2023/6xxx/CVE-2023-6268.json @@ -1,18 +1,80 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6268", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "contact@wpscan.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Unknown", + "product": { + "product_data": [ + { + "product_name": "JSON Content Importer", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "1.5.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://wpscan.com/vulnerability/15b9ab48-c038-4f2e-b823-1e374baae985", + "refsource": "MISC", + "name": "https://wpscan.com/vulnerability/15b9ab48-c038-4f2e-b823-1e374baae985" + } + ] + }, + "generator": { + "engine": "WPScan CVE Generator" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Krzysztof Zaj\u0105c (CERT PL)" + }, + { + "lang": "en", + "value": "WPScan" + } + ] } \ No newline at end of file