"-Synchronized-Data."

CVE Team 2022-12-05 12:00:41 +00:00
parent a107163a1e
commit 4e96e4f353
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
3 changed files with 162 additions and 72 deletions


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23044",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tiny File Manager",
"version": {
"version_data": [
{
"version_value": "2.4.8"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,26 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tiny File Manager",
"version": {
"version_data": [
{
"version_value": "2.4.8",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/prasathmani/tinyfilemanager/",
"refsource": "MISC",
"name": "https://github.com/prasathmani/tinyfilemanager/",
"url": "https://github.com/prasathmani/tinyfilemanager/"
"name": "https://github.com/prasathmani/tinyfilemanager/"
},
{
"url": "https://fluidattacks.com/advisories/mosey/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/mosey/",
"url": "https://fluidattacks.com/advisories/mosey/"
"name": "https://fluidattacks.com/advisories/mosey/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files."
}
]
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}
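Review bot: The description that appears to be the new one narrows CVE-2022-23044 to CSRF, but the record has no pointer to CVE-2022-45475 and no `impact` block; the `+`/`-` markers are lost on this page, so the old/new reading is inferred from the hunk counts. The text it replaces described code execution as the combined result of CSRF, server-side processing of uploads and unauthenticated access to uploaded files, so a consumer tracking only one of the two IDs now sees a narrower issue than the shared advisory describes. A closing sentence in `description_data` such as `See also CVE-2022-45475 for the related access-control issue.` would keep the relation visible, and the same applies in reverse to the CVE-2022-45475 section that follows. `vendor_name` also stays `n/a` although the first reference names the upstream repository, which weakens vendor-keyed matching in vulnerability scanners.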


@ -1,34 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45475",
"ASSIGNER": "help@fluidattacks.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tiny File Manager",
"version": {
"version_data": [
{
"version_value": "2.4.8"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control."
}
]
},
"problemtype": {
"problemtype_data": [
@ -42,26 +27,48 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Tiny File Manager",
"version": {
"version_data": [
{
"version_value": "2.4.8",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/prasathmani/tinyfilemanager/",
"refsource": "MISC",
"name": "https://github.com/prasathmani/tinyfilemanager/",
"url": "https://github.com/prasathmani/tinyfilemanager/"
"name": "https://github.com/prasathmani/tinyfilemanager/"
},
{
"url": "https://fluidattacks.com/advisories/mosey/",
"refsource": "MISC",
"name": "https://fluidattacks.com/advisories/mosey/",
"url": "https://fluidattacks.com/advisories/mosey/"
"name": "https://fluidattacks.com/advisories/mosey/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application is vulnerable to CSRF, processes uploaded files server-side (instead of just returning them for download), and allows unauthenticated users to access uploaded files."
}
]
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-45824",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Advanced Booking Calendar",
"product": {
"product_data": [
{
"product_name": "Advanced Booking Calendar",
"version": {
"version_data": [
{
"version_value": "n/a",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-booking-calendar/wordpress-advanced-booking-calendar-plugin-1-7-1-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/advanced-booking-calendar/wordpress-advanced-booking-calendar-plugin-1-7-1-multiple-cross-site-scripting-csrf-vulnerabilities?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "minhtuanact (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}
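Review bot: `version_data` in the `affects` block records `"version_value": "n/a"` with `"version_affected": "="`, while the description on the same record gives the affected range as `<= 1.7.1`. Tooling that matches on the structured `affects` data rather than the free text will not associate any plugin version with CVE-2022-45824. Carrying the range in the structured fields, `"version_value": "1.7.1"` with `"version_affected": "<="`, would agree with the description. The record also uses `"lang": "eng"` in `description_data` and `"lang": "en"` in `credits`; one language code should be used throughout.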