"-Synchronized-Data."

CVE Team 2024-05-11 06:00:34 +00:00
parent d959ff3cba
commit 623061f4a8
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
2 changed files with 89 additions and 4 deletions


@ -1,17 +1,84 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@wordfence.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the chatbot_chatgpt_upload_file_to_assistant function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers, with to upload arbitrary files on the affected site's server which may make remote code execution possible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kognetiks",
"product": {
"product_data": [
{
"product_name": "Kognetiks Chatbot for WordPress",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "*",
"version_value": "1.9.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve",
"refsource": "MISC",
"name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17"
}
]
},
"credits": [
{
"lang": "en",
"value": "Francesco Carlucci"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
}
]
}
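Review bot: The new description `value` reads `unauthenticated attackers, with to upload arbitrary files`, so a qualifier appears to have been dropped after "with". The same record says "unauthenticated" and gives `PR:N` in the CVSS vector, so the intended wording is probably `unauthenticated attackers to upload arbitrary files`, but that should be confirmed with the assigning CNA rather than assumed. The `credits` entry uses `"lang": "en"` while the description and problemtype entries use `"lang": "eng"`; consumers that filter on the language code would treat these differently, so one form should be used throughout. The second reference links to `trunk/includes/utilities/chatbot-file-upload.php#L17`, which will stop pointing at the vulnerable code once trunk changes; a link pinned to a specific tag or changeset would stay useful to anyone triaging this later. The section as shown ends at the close of `impact`, so the document's final brace is outside the visible lines.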


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-4790",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}