diff --git a/2024/13xxx/CVE-2024-13869.json b/2024/13xxx/CVE-2024-13869.json index a45d94c6d72..bd635a0b18b 100644 --- a/2024/13xxx/CVE-2024-13869.json +++ b/2024/13xxx/CVE-2024-13869.json @@ -64,6 +64,16 @@ "url": "https://plugins.trac.wordpress.org/changeset/3242904/wpvivid-backuprestore", "refsource": "MISC", "name": "https://plugins.trac.wordpress.org/changeset/3242904/wpvivid-backuprestore" + }, + { + "url": "https://github.com/d0n601/CVE-2024-13869", + "refsource": "MISC", + "name": "https://github.com/d0n601/CVE-2024-13869" + }, + { + "url": "https://ryankozak.com/posts/cve-2024-13869/", + "refsource": "MISC", + "name": "https://ryankozak.com/posts/cve-2024-13869/" } ] }, diff --git a/2025/1xxx/CVE-2025-1575.json b/2025/1xxx/CVE-2025-1575.json index f46b6149860..77be906642b 100644 --- a/2025/1xxx/CVE-2025-1575.json +++ b/2025/1xxx/CVE-2025-1575.json @@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-1575", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Harpia DiagSystem 12. Affected is an unknown function of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument cod/codexame leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Harpia DiagSystem 12 entdeckt. Es betrifft eine unbekannte Funktion der Datei /diagsystem/PACS/atualatendimento_jpeg.php. Dank Manipulation des Arguments cod/codexame mit unbekannten Daten kann eine improper control of resource identifiers-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Control of Resource Identifiers", + "cweId": "CWE-99" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Harpia", + "product": { + "product_data": [ + { + "product_name": "DiagSystem", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.296550", + "refsource": "MISC", + "name": "https://vuldb.com/?id.296550" + }, + { + "url": "https://vuldb.com/?ctiid.296550", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.296550" + }, + { + "url": "https://vuldb.com/?submit.497083", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.497083" + }, + { + "url": "https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1zBAwcqfv6-HvDQg6ch3ywbllo0VlLIoQ/view?usp=sharing" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Samuel Jesus (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N" } ] }