admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2025-04-02 21:04:00 +00:00
parent 776899d134
commit 5498fe6f76
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
11 changed files with 884 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2025/31xxx/CVE-2025-31191.json
View File

@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31191",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access sensitive user data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An app may be able to access sensitive user data"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "tvOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.4"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/122377",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122377"
},
{
"url": "https://support.apple.com/en-us/122371",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122371"
},
{
"url": "https://support.apple.com/en-us/122373",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122373"
},
{
"url": "https://support.apple.com/en-us/122374",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122374"
},
{
"url": "https://support.apple.com/en-us/122375",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122375"
}
]
}

88
2025/31xxx/CVE-2025-31192.json
View File

@ -1,17 +1,97 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31192",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. A website may be able to access sensor information without user consent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A website may be able to access sensor information without user consent"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.4"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.4"
}
]
}
},
{
"product_name": "Safari",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "18.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/122371",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122371"
},
{
"url": "https://support.apple.com/en-us/122373",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122373"
},
{
"url": "https://support.apple.com/en-us/122379",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122379"
}
]
}

64
2025/31xxx/CVE-2025-31194.json
View File

@ -1,17 +1,73 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31194",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "product-security@apple.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A Shortcut may run with admin privileges without authentication"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Apple",
"product": {
"product_data": [
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "15.4"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.apple.com/en-us/122373",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122373"
},
{
"url": "https://support.apple.com/en-us/122374",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122374"
},
{
"url": "https://support.apple.com/en-us/122375",
"refsource": "MISC",
"name": "https://support.apple.com/en-us/122375"
}
]
}

79
2025/31xxx/CVE-2025-31282.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Mangement",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Vision One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "NA",
"version_value": "NA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019386",
"refsource": "MISC",
"name": "https://success.trendmicro.com/en-US/solution/KA-0019386"
}
]
},
"credits": [
{
"lang": "en",
"value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "NONE",
"baseScore": 0,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N"
}
]
}

79
2025/31xxx/CVE-2025-31283.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31283",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Mangement",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Vision One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "NA",
"version_value": "NA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019386",
"refsource": "MISC",
"name": "https://success.trendmicro.com/en-US/solution/KA-0019386"
}
]
},
"credits": [
{
"lang": "en",
"value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "NONE",
"baseScore": 0,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N"
}
]
}

79
2025/31xxx/CVE-2025-31284.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Mangement",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Vision One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "NA",
"version_value": "NA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019386",
"refsource": "MISC",
"name": "https://success.trendmicro.com/en-US/solution/KA-0019386"
}
]
},
"credits": [
{
"lang": "en",
"value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "NONE",
"baseScore": 0,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N"
}
]
}

79
2025/31xxx/CVE-2025-31285.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. \r\n\r\nPlease note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Mangement",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Vision One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "NA",
"version_value": "NA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019386",
"refsource": "MISC",
"name": "https://success.trendmicro.com/en-US/solution/KA-0019386"
}
]
},
"credits": [
{
"lang": "en",
"value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "NONE",
"baseScore": 0,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N"
}
]
}

79
2025/31xxx/CVE-2025-31286.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31286",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@trendmicro.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code.\r\n\r\nPlease note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Mangement",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Trend Micro, Inc.",
"product": {
"product_data": [
{
"product_name": "Trend Vision One",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "NA",
"version_value": "NA"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://success.trendmicro.com/en-US/solution/KA-0019386",
"refsource": "MISC",
"name": "https://success.trendmicro.com/en-US/solution/KA-0019386"
}
]
},
"credits": [
{
"lang": "en",
"value": "Vaibhav Kumar Srivastava of eSec Forte Technologies Pvt. Ltd"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseSeverity": "NONE",
"baseScore": 0,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N"
}
]
}

85
2025/31xxx/CVE-2025-31376.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Mayeenul Islam NanoSupport allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NanoSupport: from n/a through 0.6.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mayeenul Islam",
"product": {
"product_data": [
{
"product_name": "NanoSupport",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "0.6.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/nanosupport/vulnerability/wordpress-nanosupport-plugin-0-6-0-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/nanosupport/vulnerability/wordpress-nanosupport-plugin-0-6-0-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mika (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

85
2025/31xxx/CVE-2025-31386.json
View File

@ -1,17 +1,94 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing Authorization vulnerability in Simplepress Simple:Press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple:Press: from n/a through 6.10.11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Simplepress",
"product": {
"product_data": [
{
"product_name": "Simple:Press",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "n/a",
"version_value": "6.10.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/simplepress/vulnerability/wordpress-simple-press-plugin-6-10-11-broken-access-control-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/simplepress/vulnerability/wordpress-simple-press-plugin-6-10-11-broken-access-control-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "20kilograma (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}

113
2025/31xxx/CVE-2025-31387.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2025-31387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')",
"cweId": "CWE-98"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "InstaWP",
"product": {
"product_data": [
{
"product_name": "InstaWP Connect",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThanOrEqual": "0.1.0.82",
"status": "affected",
"version": "n/a",
"versionType": "custom",
"changes": [
{
"at": "0.1.0.83",
"status": "unaffected"
}
]
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/wordpress/plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-82-local-file-inclusion-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/wordpress/plugin/instawp-connect/vulnerability/wordpress-instawp-connect-plugin-0-1-0-82-local-file-inclusion-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update the WordPress InstaWP Connect plugin to the latest available version (at least 0.1.0.83)."
}
],
"value": "Update the WordPress InstaWP Connect plugin to the latest available version (at least 0.1.0.83)."
}
],
"credits": [
{
"lang": "en",
"value": "Dimas Maulana (Patchstack Alliance)"
}
],
"impact": {
"cvss": [
{
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseSeverity": "HIGH",
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"version": "3.1"
}
]
}