From 76da5d763f2e779e4c16fb8ba1e088ad386c3338 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 28 Nov 2024 19:00:29 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2024/11xxx/CVE-2024-11967.json | 114 +++++++++++++++++++++++++++++--
 2024/11xxx/CVE-2024-11968.json | 118 +++++++++++++++++++++++++++++++--
 2 files changed, 224 insertions(+), 8 deletions(-)
diff --git a/2024/11xxx/CVE-2024-11967.json b/2024/11xxx/CVE-2024-11967.json
index adf6eed9875..b37c9392f88 100644
--- a/2024/11xxx/CVE-2024-11967.json
+++ b/2024/11xxx/CVE-2024-11967.json
@@ -1,17 +1,123 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11967",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in PHPGurukul Complaint Management system 1.0 ausgemacht. Es betrifft eine unbekannte Funktion der Datei /admin/reset-password.php. Durch das Beeinflussen des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "PHPGurukul",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Complaint Management system",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.286350",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.286350"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.286350",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.286350"
+ },
+ {
+ "url": "https://vuldb.com/?submit.452477",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.452477"
+ },
+ {
+ "url": "https://github.com/Aurora0x1/CVE/issues/4",
+ "refsource": "MISC",
+ "name": "https://github.com/Aurora0x1/CVE/issues/4"
+ },
+ {
+ "url": "https://phpgurukul.com/",
+ "refsource": "MISC",
+ "name": "https://phpgurukul.com/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Aurora0x1 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
 }
 ]
 }
diff --git a/2024/11xxx/CVE-2024-11968.json b/2024/11xxx/CVE-2024-11968.json
index d19e89c1096..1b605d2ac7a 100644
--- a/2024/11xxx/CVE-2024-11968.json
+++ b/2024/11xxx/CVE-2024-11968.json
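Review bot: In the hunk for CVE-2024-11967.json, the added English description says the issue "has been classified as critical", while every `impact.cvss` entry added alongside it scores 7.3 with `"baseSeverity": "HIGH"` (7.5 under CVSS 2.0). The hunk for CVE-2024-11968.json has the same mismatch: the prose says "declared as critical" and the v3 entries say `"baseSeverity": "MEDIUM"` at 6.3. Consumers that triage on the description will rank these records differently from those that read the vector. I would drop the severity sentence from the prose so that `baseSeverity` and `vectorString` carry the only severity. The word "critical" looks like the CNA's own classification rather than a CVSS rating, but that is inferred from the wording, not stated in the record.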
@@ -1,17 +1,127 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2024-11968",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely."
+ },
+ {
+ "lang": "deu",
+ "value": "In code-projects Farmacia bis 1.0 wurde eine kritische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei pagamento.php. Durch Beeinflussen des Arguments notaFiscal mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ },
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection",
+ "cweId": "CWE-74"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "code-projects",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Farmacia",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.286351",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.286351"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.286351",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.286351"
+ },
+ {
+ "url": "https://vuldb.com/?submit.452877",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?submit.452877"
+ },
+ {
+ "url": "https://github.com/xiaobai19198/cve/blob/main/sql-cve.md",
+ "refsource": "MISC",
+ "name": "https://github.com/xiaobai19198/cve/blob/main/sql-cve.md"
+ },
+ {
+ "url": "https://code-projects.org/",
+ "refsource": "MISC",
+ "name": "https://code-projects.org/"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "xiaobai233 (VulDB User)"
+ },
+ {
+ "lang": "en",
+ "value": "xiaobai233 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
 }
 ]
 }
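Review bot: The `credits` array added for CVE-2024-11968 holds the same object twice (`"value": "xiaobai233 (VulDB User)"`), so one of the two entries should be dropped. In the same hunk the description says Farmacia is affected "up to 1.0", while `version_data` records `"version_affected": "="` with `"version_value": "1.0"`. Scanners and SBOM matchers that read the structured field will flag only installs reporting exactly 1.0. If earlier releases are in scope, `"version_affected": "<="` would express what the prose says; otherwise the description should read "1.0" rather than "up to 1.0". Which of the two is intended needs confirming with the assigning CNA.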