CVE-2018-1000212 is a REJECT, use CVE-2018-1999022 instead

2025-07-29 05:56:59 +00:00 · 2018-08-20 11:11:47 -06:00 · 2018-08-20 11:11:47 -06:00 · 8ceadb57ef
commit 8ceadb57ef
parent fe1eef64e6
1 changed files with 19 additions and 1 deletions
--- a/2018/1000xxx/CVE-2018-1000212.json
+++ b/2018/1000xxx/CVE-2018-1000212.json
@ -1 +1,19 @@
-{     "CVE_data_meta": {         "ASSIGNER": "kurt@seifried.org",         "DATE_ASSIGNED": "2018-08-02T16:41:53.497929",         "DATE_REQUESTED": "2018-07-19T23:25:02",         "ID": "CVE-2018-1000212",         "REQUESTER": "pear-group@php.net"     },     "affects": {         "vendor": {             "vendor_data": [                 {                     "product": {                         "product_data": [                             {                                 "product_name": "HTML_QuickForm",                                 "version": {                                     "version_data": [                                         {                                             "version_value": "3.2.14"                                         }                                     ]                                 }                             }                         ]                     },                     "vendor_name": "PEAR"                 }             ]         }     },     "data_format": "MITRE",     "data_type": "CVE",     "data_version": "4.0",     "description": {         "description_data": [             {                 "lang": "eng",                 "value": "PEAR HTML_QuickForm version 3.2.14 contains a eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's  validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method that can result in a Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appears to be exploitable via a specially crafted query string could be utilised, e.g. \"http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live\". This vulnerability  appears to have been fixed in 3.2.15."             }         ]     },     "problemtype": {         "problemtype_data": [             {                 "description": [                     {                         "lang": "eng",                         "value": "eval injection (CWE-95)"                     }                 ]             }         ]     },     "references": {         "reference_data": [             {                 "url": "http://blog.pear.php.net/2018/07/19/security-vulnerability-announcement-html_quickform/"             },             {                 "url": "https://civicrm.org/advisory/civi-sa-2018-07-remote-code-execution-in-quickform"             }         ]     } } 
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "DATE_ASSIGNED" : "2018-08-02T16:41:53.497929",
+      "ID" : "CVE-2018-1000212",
+      "STATE" : "REJECT"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2018-1999022.  Reason: This candidate is a reservation duplicate of CVE-2018-1999022.  Notes: All CVE users should reference CVE-2018-1999022 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage."
+         }
+      ]
+   }
+}