admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

CVE-2022-3729 - CVE-2022-3735

Browse Source
This commit is contained in:
Marc Ruef 2022-10-28 10:02:26 +02:00 committed by GitHub
parent c3524dae5b
commit 6eb17825a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 391 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2022/3xxx/CVE-2022-3729.json
View File

@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3729",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "seccome Ehoney attack sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "seccome",
"product": {
"product_data": [
{
"product_name": "Ehoney",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file \/api\/v1\/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-212411."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.212411"
}
]
}

58
2022/3xxx/CVE-2022-3730.json
View File

@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "seccome Ehoney falco sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "seccome",
"product": {
"product_data": [
{
"product_name": "Ehoney",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in seccome Ehoney. Affected is an unknown function of the file \/api\/v1\/attack\/falco. The manipulation of the argument Payload leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-212412."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.212412"
}
]
}

58
2022/3xxx/CVE-2022-3731.json
View File

@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "seccome Ehoney token sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "seccome",
"product": {
"product_data": [
{
"product_name": "Ehoney",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in seccome Ehoney and classified as critical. Affected by this vulnerability is an unknown functionality of the file \/api\/v1\/attack\/token. The manipulation of the argument Payload leads to sql injection. The attack can be launched remotely. The identifier VDB-212413 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.212413"
}
]
}

58
2022/3xxx/CVE-2022-3732.json
View File

@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "seccome Ehoney set sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "seccome",
"product": {
"product_data": [
{
"product_name": "Ehoney",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in seccome Ehoney and classified as critical. Affected by this issue is some unknown functionality of the file \/api\/v1\/bait\/set. The manipulation of the argument Payload leads to sql injection. The attack may be launched remotely. VDB-212414 is the identifier assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.212414"
}
]
}

61
2022/3xxx/CVE-2022-3733.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3733",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "SourceCodester Web-Based Student Clearance System edit-admin.php sql injection",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Web-Based Student Clearance System",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-707 Improper Neutralization -> CWE-74 Injection -> CWE-89 SQL Injection"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. This affects an unknown part of the file Admin\/edit-admin.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212415."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "5.0",
"vectorString": "CVSS:3.1\/AV:N\/AC:H\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/blog.csdn.net\/qq_41988749\/article\/details\/127552717?spm=1001.2014.3001.5502"
},
{
"url": "https:\/\/vuldb.com\/?id.212415"
}
]
}

61
2022/3xxx/CVE-2022-3734.json
View File

@ -4,14 +4,69 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3734",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "Redis dbghelp.dll uncontrolled search path",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "",
"product": {
"product_data": [
{
"product_name": "Redis",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426 Untrusted Search Path -> CWE-427 Uncontrolled Search Path"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Redis. It has been declared as critical. This vulnerability affects unknown code in the library C:\/Program Files\/Redis\/dbghelp.dll. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212416."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/www.cnblogs.com\/J0o1ey\/p\/16829380.html"
},
{
"url": "https:\/\/vuldb.com\/?id.212416"
}
]
}

58
2022/3xxx/CVE-2022-3735.json
View File

@ -4,14 +4,66 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3735",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"TITLE": "seccome Ehoney signup access control",
"REQUESTER": "cna@vuldb.com",
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"generator": "vuldb.com",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "seccome",
"product": {
"product_data": [
{
"product_name": "Ehoney",
"version": {
"version_data": [
{
"version_value": "n\/a"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266 Incorrect Privilege Assignment -> CWE-284 Improper Access Controls"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file \/api\/public\/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability."
}
]
},
"impact": {
"cvss": {
"version": "3.1",
"baseScore": "6.3",
"vectorString": "CVSS:3.1\/AV:A\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L"
}
},
"references": {
"reference_data": [
{
"url": "https:\/\/vuldb.com\/?id.212417"
}
]
}