admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2021-11-05 13:01:03 +00:00
parent 1f24b73f61
commit 60d8afc4de
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
9 changed files with 510 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
2021/42xxx/CVE-2021-42663.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42663",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42663"
}
]
}

66
2021/42xxx/CVE-2021-42664.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42664",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42664",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42664"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50451",
"url": "https://www.exploit-db.com/exploits/50451"
}
]
}

66
2021/42xxx/CVE-2021-42665.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42665",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42665",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42665"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50452",
"url": "https://www.exploit-db.com/exploits/50452"
}
]
}

66
2021/42xxx/CVE-2021-42666.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42666",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42666",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42666"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/50453",
"url": "https://www.exploit-db.com/exploits/50453"
}
]
}

61
2021/42xxx/CVE-2021-42667.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42667",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/14241/online-event-booking-and-reservation-system-phpmysql.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42667",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42667"
}
]
}

61
2021/42xxx/CVE-2021-42668.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42668",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42668",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42668"
}
]
}

61
2021/42xxx/CVE-2021-42669.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42669",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42669",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By uploading a php webshell containing \"<?php system($_GET[\"cmd\"]); ?>\" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42669",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42669"
}
]
}

61
2021/42xxx/CVE-2021-42670.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42670",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42670",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42670"
}
]
}

61
2021/42xxx/CVE-2021-42671.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42671",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2021-42671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html",
"refsource": "MISC",
"name": "https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html"
},
{
"refsource": "MISC",
"name": "https://github.com/TheHackingRabbi/CVE-2021-42671",
"url": "https://github.com/TheHackingRabbi/CVE-2021-42671"
}
]
}