From 49987cb2dc16983888df377bbd20294786029b4a Mon Sep 17 00:00:00 2001 From: Marc Ruef Date: Thu, 13 Oct 2022 17:20:00 +0200 Subject: [PATCH] CVE-2022-3492 + CVE-2022-3493 --- 2022/3xxx/CVE-2022-3492.json | 58 ++++++++++++++++++++++++++++++++++-- 2022/3xxx/CVE-2022-3493.json | 58 ++++++++++++++++++++++++++++++++++-- 2 files changed, 110 insertions(+), 6 deletions(-) diff --git a/2022/3xxx/CVE-2022-3492.json b/2022/3xxx/CVE-2022-3492.json index 8194400ceaa..1231735a086 100644 --- a/2022/3xxx/CVE-2022-3492.json +++ b/2022/3xxx/CVE-2022-3492.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3492", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Human Resource Management System Profile Photo os command injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-78 OS Command Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in SourceCodester Human Resource Management System 1.0. This vulnerability affects unknown code of the component Profile Photo Handler. The manipulation of the argument parameter leads to os command injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210772." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "6.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/vuldb.com\/?id.210772" } ] } diff --git a/2022/3xxx/CVE-2022-3493.json b/2022/3xxx/CVE-2022-3493.json index fc2893aac16..3f5a952a067 100644 --- a/2022/3xxx/CVE-2022-3493.json +++ b/2022/3xxx/CVE-2022-3493.json @@ -4,14 +4,66 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-3493", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Human Resource Management System Add Employee cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Human Resource Management System", + "version": { + "version_data": [ + { + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the component Add Employee Handler. The manipulation of the argument First Name\/Middle Name\/Last Name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210773 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/vuldb.com\/?id.210773" } ] }