admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-09-10 01:00:35 +00:00
parent 52cd83d07c
commit 4948213804
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 440 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2023/4xxx/CVE-2023-4867.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4867",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in Xintian Smart Table Integrated Management System 5.6.9 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /SysManage/AddUpdateSites.aspx der Komponente Added Site Page. Durch die Manipulation des Arguments TbxSiteName mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xintian",
"product": {
"product_data": [
{
"product_name": "Smart Table Integrated Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.239352",
"refsource": "MISC",
"name": "https://vuldb.com/?id.239352"
},
{
"url": "https://vuldb.com/?ctiid.239352",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.239352"
},
{
"url": "https://github.com/fortunate888/cve/blob/main/sql_inject_1.md",
"refsource": "MISC",
"name": "https://github.com/fortunate888/cve/blob/main/sql_inject_1.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "fortunate (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}

90
2023/4xxx/CVE-2023-4868.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4868",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester Contact Manager App 1.0 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei add.php. Durch Manipulation mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Contact Manager App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.239353",
"refsource": "MISC",
"name": "https://vuldb.com/?id.239353"
},
{
"url": "https://vuldb.com/?ctiid.239353",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.239353"
},
{
"url": "https://skypoc.wordpress.com/2023/09/05/vuln1/",
"refsource": "MISC",
"name": "https://skypoc.wordpress.com/2023/09/05/vuln1/"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}

96
2023/4xxx/CVE-2023-4869.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4869",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine problematische Schwachstelle wurde in SourceCodester Contact Manager App 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei update.php. Mittels dem Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Contact Manager App",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.239354",
"refsource": "MISC",
"name": "https://vuldb.com/?id.239354"
},
{
"url": "https://vuldb.com/?ctiid.239354",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.239354"
},
{
"url": "https://skypoc.wordpress.com/2023/09/05/vuln1/",
"refsource": "MISC",
"name": "https://skypoc.wordpress.com/2023/09/05/vuln1/"
}
]
},
"credits": [
{
"lang": "en",
"value": "gikaku (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 4.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 4.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}

82
2023/4xxx/CVE-2023-4876.json
View File

@ -1,17 +1,91 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hamza417",
"product": {
"product_data": [
{
"product_name": "hamza417/inure",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "build92"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/f729d2c8-a62e-4f30-ac24-e187b0a7892a"
},
{
"url": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8",
"refsource": "MISC",
"name": "https://github.com/hamza417/inure/commit/7db5511753089c3cf477475f1f3b62a6e6ede4a8"
}
]
},
"source": {
"advisory": "f729d2c8-a62e-4f30-ac24-e187b0a7892a",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 7.9,
"baseSeverity": "HIGH"
}
]
}

92
2023/4xxx/CVE-2023-4877.json Normal file
View File

@ -0,0 +1,92 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-4877",
"ASSIGNER": "security@huntr.dev",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"cweId": "CWE-200"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "hamza417",
"product": {
"product_data": [
{
"product_name": "hamza417/inure",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "build92"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84",
"refsource": "MISC",
"name": "https://huntr.dev/bounties/168e9299-f8ff-40d6-9def-d097b38bad84"
},
{
"url": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7",
"refsource": "MISC",
"name": "https://github.com/hamza417/inure/commit/09762e8c059be5983ca55e6424b2b5992fa740e7"
}
]
},
"source": {
"advisory": "168e9299-f8ff-40d6-9def-d097b38bad84",
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"version": "3.0",
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}
]
}
}