From 755ae4f9a3a66d3360a65b4874439c0b9313ee45 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 8 Apr 2023 08:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/1xxx/CVE-2023-1948.json | 96 ++++++++++++++++++++++++++++++++++--
 2023/1xxx/CVE-2023-1949.json | 96 ++++++++++++++++++++++++++++++++++--
 2023/1xxx/CVE-2023-1950.json | 96 ++++++++++++++++++++++++++++++++++--
 2023/1xxx/CVE-2023-1951.json | 96 ++++++++++++++++++++++++++++++++++--
 4 files changed, 368 insertions(+), 16 deletions(-)
diff --git a/2023/1xxx/CVE-2023-1948.json b/2023/1xxx/CVE-2023-1948.json
index 76839d5fb3b..8b439d66637 100644
--- a/2023/1xxx/CVE-2023-1948.json
+++ b/2023/1xxx/CVE-2023-1948.json
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1948",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in PHPGurukul BP Monitoring Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Davon betroffen ist unbekannter Code der Datei add-family-member.php der Komponente Add New Family Member Handler. Dank der Manipulation des Arguments Member Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHPGurukul",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BP Monitoring Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225335",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225335"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225335",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225335"
+ },
+ {
+ "url": "https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/XSS_English.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/XSS_English.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "carrie.lee (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 3.5,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 4,
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1949.json b/2023/1xxx/CVE-2023-1949.json
index f27f95a263e..1e97850b233 100644
--- a/2023/1xxx/CVE-2023-1949.json
+++ b/2023/1xxx/CVE-2023-1949.json
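Review bot: In CVE-2023-1948.json the three `impact.cvss` entries rate the cross-site scripting issue with unchanged scope and no confidentiality impact (`S:U/C:N/I:L`), which yields 3.5 LOW and is lower than script injection is conventionally scored. The CVSS v3.1 guidance treats script executing in the victim's browser as a scope change, so the customary v3.1 line would be `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"` with `"baseScore": 5.4` and `"baseSeverity": "MEDIUM"`. The values are the assigner's own assessment, so this is a question for the CNA and not something to patch downstream. Until it is settled, consumers that triage on `baseSeverity` alone should not treat this entry as negligible.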
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1949",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine Schwachstelle in PHPGurukul BP Monitoring Management System 1.0 gefunden. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei change-password.php der Komponente Change Password Handler. Dank Manipulation des Arguments password mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHPGurukul",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BP Monitoring Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225336",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225336"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225336",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225336"
+ },
+ {
+ "url": "https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/ChangePassword.php_SQL_English.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/ChangePassword.php_SQL_English.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "carrie.lee (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1950.json b/2023/1xxx/CVE-2023-1950.json
index c49466586c9..e8662431f82 100644
--- a/2023/1xxx/CVE-2023-1950.json
+++ b/2023/1xxx/CVE-2023-1950.json
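Review bot: In CVE-2023-1949.json the English description says the issue is `classified as critical` (and the German one `kritisch`), while all three `impact.cvss` entries in the same record carry `"baseSeverity": "MEDIUM"` (6.3, 6.3 and 6.5). The wording presumably comes from the submitter's own classification scale and not from CVSS, so anyone filtering or alerting on the description text will over-prioritise the entry. The same mismatch appears in CVE-2023-1950.json and CVE-2023-1951.json. I would drop the classification clause so the sentence opens `A vulnerability was found in PHPGurukul BP Monitoring Management System 1.0.` and let `baseSeverity` carry the rating.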
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1950",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In PHPGurukul BP Monitoring Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei password-recovery.php der Komponente Password Recovery. Mit der Manipulation des Arguments emailid/contactno mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHPGurukul",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BP Monitoring Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225337",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225337"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225337",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225337"
+ },
+ {
+ "url": "https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/password-recovery.php_SQL_English.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/vsdwef/BP-Monitoring-Management-System/blob/main/password-recovery.php_SQL_English.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "dbapp.jy (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
diff --git a/2023/1xxx/CVE-2023-1951.json b/2023/1xxx/CVE-2023-1951.json
index a2d8c0c01b9..0d56cf376ce 100644
--- a/2023/1xxx/CVE-2023-1951.json
+++ b/2023/1xxx/CVE-2023-1951.json
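Review bot: In CVE-2023-1950.json the vectors set `PR:L` (and `Au:S` in the 2.0 entry) for an injection in `password-recovery.php`, a page that by its purpose is presumably reachable without a logged-in session. If the linked advisory confirms that no login is needed, the 3.1 line should read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"`, which scores 7.3 HIGH instead of 6.3 MEDIUM. The same `PR:L` value is used for the change-password issue in CVE-2023-1949.json, which suggests a default carried over and not a per-record assessment; worth confirming with the assigner.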
@@ -1,17 +1,105 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-1951",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine Schwachstelle wurde in SourceCodester Online Computer and Laptop Store 1.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion delete_brand der Datei /admin/maintenance/brand.php. Durch die Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Online Computer and Laptop Store",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.225338",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.225338"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.225338",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.225338"
+ },
+ {
+ "url": "https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Delete%20category%20list%20with%20SQL%20injection.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/boyi0508/Online-Computer-and-Laptop-Store/blob/main/Delete%20category%20list%20with%20SQL%20injection.pdf"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "haicheng.zhang (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
 }
 ]
 }
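Review bot: In CVE-2023-1951.json the description names the function `delete_brand` in `/admin/maintenance/brand.php`, but the only reference outside VulDB is a document whose file name reads "Delete category list with SQL injection". Either the description or the link may be pointing at a different handler, and the record alone does not settle which. It is worth checking the linked document before defenders scope a fix or a detection rule to `brand.php` only; if it covers the category handler, the description should name that function and file instead of `delete_brand`.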