"-Synchronized-Data."

2025-05-07 11:06:39 +00:00 · 2025-04-06 12:00:32 +00:00 · 2025-04-06 12:00:32 +00:00 · 8a71bb6379
commit 8a71bb6379
parent 54fe7e0a31
2 changed files with 201 additions and 8 deletions
--- a/2025/3xxx/CVE-2025-3316.json
+++ b/2025/3xxx/CVE-2025-3316.json
@ -1,17 +1,123 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-3316",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+            },
+            {
+                "lang": "deu",
+                "value": "Eine Schwachstelle wurde in PHPGurukul Men Salon Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei /admin/search-invoices.php. Durch die Manipulation des Arguments searchdata mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "SQL Injection",
+                        "cweId": "CWE-89"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Injection",
+                        "cweId": "CWE-74"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "PHPGurukul",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Men Salon Management System",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "1.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.303515",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.303515"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.303515",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.303515"
+            },
+            {
+                "url": "https://vuldb.com/?submit.551749",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.551749"
+            },
+            {
+                "url": "https://github.com/zhaolu33/CVE/issues/3",
+                "refsource": "MISC",
+                "name": "https://github.com/zhaolu33/CVE/issues/3"
+            },
+            {
+                "url": "https://phpgurukul.com/",
+                "refsource": "MISC",
+                "name": "https://phpgurukul.com/"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "zhaoluzhizhi (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 7.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 7.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "HIGH"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 7.5,
+                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
            }
        ]
    }
--- a/2025/3xxx/CVE-2025-3317.json
+++ b/2025/3xxx/CVE-2025-3317.json
@ -1,17 +1,104 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-3317",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available."
+            },
+            {
+                "lang": "deu",
+                "value": "Es wurde eine problematische Schwachstelle in fumiao opencms bis a0fafa5cff58719e9b27c2a2eec204cc165ce14f entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. Durch Manipulation des Arguments path mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Dieses Produkt verzichtet auf eine Versionierung und verwendet stattdessen Rolling Releases. Deshalb sind keine Details zu betroffenen oder zu aktualisierende Versionen vorhanden."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Path Traversal",
+                        "cweId": "CWE-22"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "fumiao",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "opencms",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "a0fafa5cff58719e9b27c2a2eec204cc165ce14f"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.303516",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.303516"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.303516",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.303516"
+            },
+            {
+                "url": "https://gitee.com/fumiao/opencms/issues/IBLJLM",
+                "refsource": "MISC",
+                "name": "https://gitee.com/fumiao/opencms/issues/IBLJLM"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "VulDB Gitee Analyzer"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 4.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 4.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 4,
+                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N"
            }
        ]
    }