admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-07-12 10:00:34 +00:00
parent fbac39dc68
commit 49653e6ced
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 38 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
2024/3xxx/CVE-2024-3798.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insecure handling of GET header parameter file\u00a0included in requests being sent to an instance of the\u00a0open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious\u00a0requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable."
"value": "Insecure handling of GET header parameter file\u00a0included in requests being sent to an instance of the\u00a0open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send malicious\u00a0requests to multiple hosts on the local network. If such a request reaches the server, it will cause one of the following (depending on the chosen payload): shell command execution, reflected XSS or cross-site request forgery.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable.\u00a0\nPhoniebox in version 3.0 and higher are not affected."
}
]
},
@ -58,9 +58,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2.7"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "3.0",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
}
]
}

23
2024/3xxx/CVE-2024-3799.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Insecure handling of POST header parameter body\u00a0included in requests being sent to an instance of the open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send\u00a0malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\u00a0shell command execution.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer releases were not tested, but they might also be vulnerable."
"value": "Insecure handling of POST header parameter body\u00a0included in requests being sent to an instance of the open-source project\u00a0Phoniebox allows an attacker to create a website, which \u2013 when visited by a user \u2013 will send\u00a0malicious requests to multiple hosts on the local network. If such a request reaches the server, it will cause a\u00a0shell command execution.\n\n\nThis issue affects Phoniebox in all releases through 2.7. Newer 2.x releases were not tested, but they might also be vulnerable. \nPhoniebox in version 3.0 and higher are not affected."
}
]
},
@ -40,9 +40,24 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2.7"
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "2.7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "3.0",
"versionType": "semver"
}
],
"defaultStatus": "unknown"
}
}
]
}