From 6adbc48bca2f41ad7674ceccf65c6b652b83e18f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 31 Dec 2024 10:00:59 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2024/13xxx/CVE-2024-13067.json | 114 +++++++++++++++++++++++++++++++--
2024/13xxx/CVE-2024-13086.json | 18 ++++++
2024/13xxx/CVE-2024-13087.json | 18 ++++++
2024/13xxx/CVE-2024-13088.json | 18 ++++++
2024/56xxx/CVE-2024-56216.json | 113 ++++++++++++++++++++++++++++++--
2024/56xxx/CVE-2024-56230.json | 113 ++++++++++++++++++++++++++++++--
2024/56xxx/CVE-2024-56804.json | 18 ++++++
2024/56xxx/CVE-2024-56805.json | 18 ++++++
2024/56xxx/CVE-2024-56806.json | 18 ++++++
2024/56xxx/CVE-2024-56807.json | 18 ++++++
2024/56xxx/CVE-2024-56808.json | 18 ++++++
11 files changed, 472 insertions(+), 12 deletions(-)
create mode 100644 2024/13xxx/CVE-2024-13086.json
create mode 100644 2024/13xxx/CVE-2024-13087.json
create mode 100644 2024/13xxx/CVE-2024-13088.json
create mode 100644 2024/56xxx/CVE-2024-56804.json
create mode 100644 2024/56xxx/CVE-2024-56805.json
create mode 100644 2024/56xxx/CVE-2024-56806.json
create mode 100644 2024/56xxx/CVE-2024-56807.json
create mode 100644 2024/56xxx/CVE-2024-56808.json
diff --git a/2024/13xxx/CVE-2024-13067.json b/2024/13xxx/CVE-2024-13067.json
index 3f0d5ca1c43..fcb19f707ca 100644
--- a/2024/13xxx/CVE-2024-13067.json
+++ b/2024/13xxx/CVE-2024-13067.json
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-13067", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in CodeAstro Online Food Ordering System 1.0 gefunden. Betroffen davon ist ein unbekannter Prozess der Datei /admin/all_users.php der Komponente All Users Page. Mittels Manipulieren mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Controls", + "cweId": "CWE-284" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Privilege Assignment", + "cweId": "CWE-266" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CodeAstro", + "product": { + "product_data": [ + { + "product_name": "Online Food Ordering System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.289823", + "refsource": "MISC", + "name": "https://vuldb.com/?id.289823" + }, + { + "url": "https://vuldb.com/?ctiid.289823", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.289823" + }, + { + "url": "https://vuldb.com/?submit.472081", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.472081" + }, + { + "url": "https://github.com/shaturo1337/POCs/blob/main/Broken%20Access%20Control%20in%20Online%20Food%20Ordering%20System.md", + "refsource": "MISC", + "name": "https://github.com/shaturo1337/POCs/blob/main/Broken%20Access%20Control%20in%20Online%20Food%20Ordering%20System.md" + }, + { + "url": "https://codeastro.com/", + "refsource": "MISC", + "name": "https://codeastro.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "John Correche (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N" } ] } 
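Review bot: The English `description` value calls this issue "critical", but every entry added under `impact.cvss` scores it 5.3 (`baseSeverity` `MEDIUM`, v3.x) or 5 (v2) with confidentiality-only impact (`C:L` / `C:P`), so triage that keys on the description wording will over-rank the record. Prioritise from `baseScore` and `vectorString`, or drop the label from the text, e.g. `"value": "A vulnerability was found in CodeAstro Online Food Ordering System 1.0. ..."`. The hunk also mixes language tags — `eng`/`deu` in `description_data`, `en` in `credits` — which a consumer filtering on `lang` has to normalise. No `solution` entry is added, so the record itself gives no fixed version to track.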
diff --git a/2024/13xxx/CVE-2024-13086.json b/2024/13xxx/CVE-2024-13086.json new file mode 100644 index 00000000000..5700cfb26d9 --- /dev/null +++ b/2024/13xxx/CVE-2024-13086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13087.json b/2024/13xxx/CVE-2024-13087.json new file mode 100644 index 00000000000..ee634c79f39 --- /dev/null +++ b/2024/13xxx/CVE-2024-13087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/13xxx/CVE-2024-13088.json b/2024/13xxx/CVE-2024-13088.json new file mode 100644 index 00000000000..0f8dade96cd --- /dev/null +++ b/2024/13xxx/CVE-2024-13088.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-13088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56216.json b/2024/56xxx/CVE-2024-56216.json index 142f874f0be..9cf3aaa9e65 100644 --- a/2024/56xxx/CVE-2024-56216.json +++ b/2024/56xxx/CVE-2024-56216.json 
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-56216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Themify", + "product": { + "product_data": [ + { + "product_name": "Themify Builder", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "7.6.5", + "status": "unaffected" + } + ], + "lessThanOrEqual": "7.6.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-3-local-file-inclusion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": 
"https://patchstack.com/database/wordpress/plugin/themify-builder/vulnerability/wordpress-themify-builder-plugin-7-6-3-local-file-inclusion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Themify Builder plugin to the latest available version (at least 7.6.5)." + } + ], + "value": "Update the WordPress Themify Builder plugin to the latest available version (at least 7.6.5)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" } ] } diff --git a/2024/56xxx/CVE-2024-56230.json b/2024/56xxx/CVE-2024-56230.json index 1d79621b8b2..e9fec5ffe94 100644 --- a/2024/56xxx/CVE-2024-56230.json +++ b/2024/56xxx/CVE-2024-56230.json 
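Review bot: The version range added under `x_cve_json_5_version_data` leaves 7.6.4 unclassified: `"lessThanOrEqual": "7.6.3"` marks the affected range, the `changes` entry turns `unaffected` only `"at": "7.6.5"`, and `"defaultStatus": "unaffected"` means a matcher will report 7.6.4 as safe even though the `solution` text asks for at least 7.6.5. If 7.6.4 is in fact affected (the record does not say), the range should be `"lessThan": "7.6.5"`; until that is confirmed, treat anything below 7.6.5 as needing the update. The v4 field `"version_value": "not down converted"` carries no matchable version, so tooling that reads only `version_value` will not match this record, and the same holds for CVE-2024-56230 in the next file. Both descriptions also run two sentences together (`Inclusion.This issue`).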
@@ -1,17 +1,122 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-56230", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "audit@patchstack.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Dynamic Product Category Grid, Slider for WooCommerce: from n/a through 1.1.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Dynamic Web Lab", + "product": { + "product_data": [ + { + "product_name": "Dynamic Product Category Grid, Slider for WooCommerce", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "changes": [ + { + "at": "1.1.4", + "status": "unaffected" + } + ], + "lessThanOrEqual": "1.1.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ], + "defaultStatus": "unaffected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": 
"https://patchstack.com/database/wordpress/plugin/dynamic-product-categories-design/vulnerability/wordpress-dynamic-product-category-grid-slider-for-woocommerce-plugin-1-1-3-local-file-inclusion-vulnerability?_s_id=cve", + "refsource": "MISC", + "name": "https://patchstack.com/database/wordpress/plugin/dynamic-product-categories-design/vulnerability/wordpress-dynamic-product-category-grid-slider-for-woocommerce-plugin-1-1-3-local-file-inclusion-vulnerability?_s_id=cve" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update the WordPress Dynamic Product Category Grid, Slider for WooCommerce plugin to the latest available version (at least 1.1.4)." + } + ], + "value": "Update the WordPress Dynamic Product Category Grid, Slider for WooCommerce plugin to the latest available version (at least 1.1.4)." + } + ], + "credits": [ + { + "lang": "en", + "value": "Jo\u00e3o Pedro Soares de Alc\u00e2ntara - Kinorth (Patchstack Alliance)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2024/56xxx/CVE-2024-56804.json b/2024/56xxx/CVE-2024-56804.json new file mode 100644 index 00000000000..21c2c0294d0 --- /dev/null +++ b/2024/56xxx/CVE-2024-56804.json 
@@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56805.json b/2024/56xxx/CVE-2024-56805.json new file mode 100644 index 00000000000..0e29ea6ced3 --- /dev/null +++ b/2024/56xxx/CVE-2024-56805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56806.json b/2024/56xxx/CVE-2024-56806.json new file mode 100644 index 00000000000..4a42a33c20a --- /dev/null +++ b/2024/56xxx/CVE-2024-56806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2024/56xxx/CVE-2024-56807.json b/2024/56xxx/CVE-2024-56807.json new file mode 100644 index 00000000000..9efc2c413e3 --- /dev/null +++ b/2024/56xxx/CVE-2024-56807.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56807", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/56xxx/CVE-2024-56808.json b/2024/56xxx/CVE-2024-56808.json new file mode 100644 index 00000000000..008ad9105f2 --- /dev/null +++ b/2024/56xxx/CVE-2024-56808.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-56808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file