From 64e31d685cb6ca21d95a41bd83efc694802fb88f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 15 Jun 2023 13:00:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2023/23xxx/CVE-2023-23802.json | 113 +++++++++++++++++++-
2023/25xxx/CVE-2023-25450.json | 113 +++++++++++++++++++-
2023/25xxx/CVE-2023-25972.json | 85 ++++++++++++++-
2023/35xxx/CVE-2023-35701.json | 18 ++++
2023/3xxx/CVE-2023-3274.json | 106 +++++++++++++++++++
2023/3xxx/CVE-2023-3275.json | 101 ++++++++++++++++++
2023/3xxx/CVE-2023-3276.json | 182 +++++++++++++++++++++++++++++++++
7 files changed, 706 insertions(+), 12 deletions(-)
create mode 100644 2023/35xxx/CVE-2023-35701.json
create mode 100644 2023/3xxx/CVE-2023-3274.json
create mode 100644 2023/3xxx/CVE-2023-3275.json
create mode 100644 2023/3xxx/CVE-2023-3276.json
diff --git a/2023/23xxx/CVE-2023-23802.json b/2023/23xxx/CVE-2023-23802.json
index dbde829d5cd..f7543e2145a 100644
--- a/2023/23xxx/CVE-2023-23802.json
+++ b/2023/23xxx/CVE-2023-23802.json
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-23802", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <=\u00a01.0.6 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HasThemes", + "product": { + "product_data": [ + { + "product_name": "HT Easy GA4 ( Google Analytics 4 )", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.0.7", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.0.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-google-analytics-4-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-google-analytics-4-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + 
"source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 1.0.7 or a higher version." + } + ], + "value": "Update to\u00a01.0.7 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Lana Codes (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25450.json b/2023/25xxx/CVE-2023-25450.json index e9aacb3bd21..e937cccc855 100644 --- a/2023/25xxx/CVE-2023-25450.json +++ b/2023/25xxx/CVE-2023-25450.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25450", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP \u2013 Donation Plugin and Fundraising Platform plugin <=\u00a02.25.1 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GiveWP", + "product": { + "product_data": [ + { + "product_name": "GiveWP \u2013 Donation Plugin and Fundraising Platform", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "2.25.2", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.25.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-request-forgery-csrf-via-give-cache-flush-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-2-25-1-cross-site-request-forgery-csrf-via-give-cache-flush-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": 
{ + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.25.2 or a higher version." + } + ], + "value": "Update to\u00a02.25.2 or a higher version." + } + ], + "credits": [ + { + "lang": "en", + "value": "Rio Darmawan (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25972.json b/2023/25xxx/CVE-2023-25972.json index ba721db5a17..7f602143747 100644 --- a/2023/25xxx/CVE-2023-25972.json +++ b/2023/25xxx/CVE-2023-25972.json 
@@ -1,17 +1,94 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25972", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in IKSWEB WordPress \u0421\u0442\u0430\u0440\u0442 plugin <=\u00a03.7 versions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IKSWEB", + "product": { + "product_data": [ + { + "product_name": "WordPress \u0421\u0442\u0430\u0440\u0442", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "n/a", + "version_value": "3.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/vulnerability/iksweb/wordpress-start-plugin-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/vulnerability/iksweb/wordpress-start-plugin-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "EXTERNAL" + }, + "credits": [ + { + "lang": "en", + "value": "Karthikeyan Balasubramanian (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + 
"baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/35xxx/CVE-2023-35701.json b/2023/35xxx/CVE-2023-35701.json new file mode 100644 index 00000000000..90891ec8de3 --- /dev/null +++ b/2023/35xxx/CVE-2023-35701.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-35701", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3274.json b/2023/3xxx/CVE-2023-3274.json new file mode 100644 index 00000000000..55a40de7283 --- /dev/null +++ b/2023/3xxx/CVE-2023-3274.json 
@@ -0,0 +1,106 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-3274", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Affected is an unknown function of the file btn_functions.php of the component Picture Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231624." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in code-projects Supplier Management System 1.0 entdeckt. Betroffen hiervon ist ein unbekannter Ablauf der Datei btn_functions.php der Komponente Picture Handler. Durch Manipulieren mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-434 Unrestricted Upload", + "cweId": "CWE-434" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "code-projects", + "product": { + "product_data": [ + { + "product_name": "Supplier Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.231624", + "refsource": "MISC", + "name": "https://vuldb.com/?id.231624" + }, + { + "url": "https://vuldb.com/?ctiid.231624", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.231624" + }, + { + "url": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf", + "refsource": "MISC", + "name": "https://github.com/wuyangzihan/SUPPLIER-MANAGEMENT-SYSTEM/blob/main/SUPPLIER%20MANAGEMENT%20SYSTEM%20has%20a%20file%20upload%20(RCE)%20vulnerability.pdf" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "WuYangZiHan (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3275.json b/2023/3xxx/CVE-2023-3275.json new file mode 100644 index 00000000000..9e1a66e36da --- /dev/null +++ b/2023/3xxx/CVE-2023-3275.json 
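Review bot: The description in CVE-2023-3274.json calls the issue "critical" and the GitHub reference title names a file upload (RCE), yet all three `cvss` entries rate it `MEDIUM` with `C:L/I:L/A:L`. Triage that keys on `baseSeverity` alone will rank this unrestricted-upload record lower than the text suggests, so I would prioritise on `cweId` (`CWE-434`) together with the description. CVE-2023-3275.json shows the same mismatch for `CWE-89` (described as critical, scored 6.3). The `cvss` objects here also omit the expanded metric keys such as `attackVector` and `privilegesRequired` that the Patchstack records in this commit carry, so a parser cannot assume those keys exist.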
@@ -0,0 +1,101 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-3275", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view-pass-detail.php of the component POST Request Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The identifier VDB-231625 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "In PHPGurukul Rail Pass Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /view-pass-detail.php der Komponente POST Request Handler. Durch das Beeinflussen des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHPGurukul", + "product": { + "product_data": [ + { + "product_name": "Rail Pass Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.231625", + "refsource": "MISC", + "name": "https://vuldb.com/?id.231625" + }, + { + "url": "https://vuldb.com/?ctiid.231625", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.231625" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "scumdestroy (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 6.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 6.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 6.5, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file diff --git a/2023/3xxx/CVE-2023-3276.json b/2023/3xxx/CVE-2023-3276.json new file mode 100644 index 00000000000..22edf63b90d --- /dev/null +++ b/2023/3xxx/CVE-2023-3276.json 
@@ -0,0 +1,182 @@ +{ + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", + "CVE_data_meta": { + "ID": "CVE-2023-3276", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Affected by this issue is the function readBySax of the file XmlUtil.java of the component XML Parsing Module. The manipulation leads to xml external entity reference. The exploit has been disclosed to the public and may be used. VDB-231626 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine problematische Schwachstelle wurde in Dromara HuTool bis 5.8.19 entdeckt. Es geht hierbei um die Funktion readBySax der Datei XmlUtil.java der Komponente XML Parsing Module. Durch Beeinflussen mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611 XML External Entity Reference", + "cweId": "CWE-611" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dromara", + "product": { + "product_data": [ + { + "product_name": "HuTool", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.8.0" + }, + { + "version_affected": "=", + "version_value": "5.8.1" + }, + { + "version_affected": "=", + "version_value": "5.8.2" + }, + { + "version_affected": "=", + "version_value": "5.8.3" + }, + { + "version_affected": "=", + "version_value": "5.8.4" + }, + { + "version_affected": "=", + "version_value": "5.8.5" + }, + { + "version_affected": "=", + "version_value": "5.8.6" + }, + { + "version_affected": "=", + "version_value": "5.8.7" + }, + { + "version_affected": "=", + "version_value": "5.8.8" + }, + { + "version_affected": "=", + "version_value": "5.8.9" + }, + { + "version_affected": "=", + "version_value": "5.8.10" + }, + { + "version_affected": "=", + "version_value": "5.8.11" + }, + { + "version_affected": "=", + "version_value": "5.8.12" + }, + { + "version_affected": "=", + "version_value": "5.8.13" + }, + { + "version_affected": "=", + "version_value": "5.8.14" + }, + { + "version_affected": "=", + "version_value": "5.8.15" + }, + { + "version_affected": "=", + "version_value": "5.8.16" + }, + { + "version_affected": "=", + "version_value": "5.8.17" + }, + { + "version_affected": "=", + "version_value": "5.8.18" + }, + { + "version_affected": "=", + "version_value": "5.8.19" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.231626", + "refsource": "MISC", + "name": "https://vuldb.com/?id.231626" + }, + { + "url": "https://vuldb.com/?ctiid.231626", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.231626" + }, + { + "url": 
"https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/", + "refsource": "MISC", + "name": "https://fbdhhhh47.github.io/2023/06/06/hutool-XXE/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "fbdhhhh (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "baseSeverity": "MEDIUM" + } + ] + } +} \ No newline at end of file