From 96316605b8edb430f873f71e61c32f2a60e96d6c Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 12 Mar 2023 08:00:35 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/1xxx/CVE-2023-1357.json | 101 +++++++++++++++++++++++++++++++++
 2023/1xxx/CVE-2023-1358.json | 106 +++++++++++++++++++++++++++++++++++
 2023/1xxx/CVE-2023-1359.json | 106 +++++++++++++++++++++++++++++++++++
 2023/1xxx/CVE-2023-1360.json | 18 ++++++
 4 files changed, 331 insertions(+)
 create mode 100644 2023/1xxx/CVE-2023-1357.json
 create mode 100644 2023/1xxx/CVE-2023-1358.json
 create mode 100644 2023/1xxx/CVE-2023-1359.json
 create mode 100644 2023/1xxx/CVE-2023-1360.json
diff --git a/2023/1xxx/CVE-2023-1357.json b/2023/1xxx/CVE-2023-1357.json
new file mode 100644
index 00000000000..ccb02e587ae
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1357.json
@@ -0,0 +1,101 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1357",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860."
+ },
+ {
+ "lang": "deu",
+ "value": "Eine kritische Schwachstelle wurde in SourceCodester Simple Bakery Shop Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Komponente Admin Login. Dank der Manipulation des Arguments username/password mit der Eingabe admin' or 1=1 -- mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Simple Bakery Shop Management System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.222860",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.222860"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.222860",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.222860"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "Kishann94 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 7.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "HIGH"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 7.5,
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "baseSeverity": "HIGH"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1358.json b/2023/1xxx/CVE-2023-1358.json
new file mode 100644
index 00000000000..19164769367
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1358.json
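Review bot: In CVE-2023-1357.json the `credits` entry is tagged `"lang": "en"`, while the `description_data` and `problemtype_data` entries of the same record use three-letter codes (`eng`, `deu`); the credits blocks of CVE-2023-1358.json and CVE-2023-1359.json show the same mismatch. A consumer that selects record text by `lang == "eng"` would skip the credit line. Writing `"lang": "eng"` in `credits` keeps one language-code convention per record.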
@@ -0,0 +1,106 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1358",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "Es wurde eine kritische Schwachstelle in SourceCodester Gadget Works Online Ordering System 1.0 gefunden. Hiervon betroffen ist ein unbekannter Codeblock der Datei /philosophy/admin/login.php der Komponente POST Parameter Handler. Dank Manipulation des Arguments user_email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection",
+ "cweId": "CWE-89"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gadget Works Online Ordering System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.222861",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.222861"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.222861",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.222861"
+ },
+ {
+ "url": "https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/SQLi-1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "heitaoa999 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 6.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseSeverity": "MEDIUM"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 6.5,
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseSeverity": "MEDIUM"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1359.json b/2023/1xxx/CVE-2023-1359.json
new file mode 100644
index 00000000000..995227fe5f7
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1359.json
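Review bot: The CVSS entries in CVE-2023-1358.json score the flaw with `PR:L` (and `Au:S` in the 2.0 entry), yet the description places the injectable `user_email` argument in `/philosophy/admin/login.php`, which by its name is presumably reachable before any authentication. If that holds, the 3.1 entry would read `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"` with `"baseScore": 7.3` and `"baseSeverity": "HIGH"`, which is how the login-form injection in CVE-2023-1357.json is scored in this same commit. Anyone triaging on the published 6.3 MEDIUM should treat the issue as pre-authentication until the linked report confirms otherwise.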
@@ -0,0 +1,106 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1359",
+ "ASSIGNER": "cna@vuldb.com",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability."
+ },
+ {
+ "lang": "deu",
+ "value": "In SourceCodester Gadget Works Online Ordering System 1.0 wurde eine problematische Schwachstelle gefunden. Betroffen ist eine unbekannte Verarbeitung der Datei /philosophy/admin/user/controller.php?action=add der Komponente Add New User. Mit der Manipulation des Arguments U_NAME mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79 Cross Site Scripting",
+ "cweId": "CWE-79"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "SourceCodester",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Gadget Works Online Ordering System",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "1.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://vuldb.com/?id.222862",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?id.222862"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.222862",
+ "refsource": "MISC",
+ "name": "https://vuldb.com/?ctiid.222862"
+ },
+ {
+ "url": "https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/XSS-1.md",
+ "refsource": "MISC",
+ "name": "https://github.com/heitaoa999/bug_report/blob/main/vendors/janobe/Gadget%20Works%20Online%20Ordering%20System/XSS-1.md"
+ }
+ ]
+ },
+ "credits": [
+ {
+ "lang": "en",
+ "value": "heitaoa999 (VulDB User)"
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.1",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "3.0",
+ "baseScore": 2.4,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "LOW"
+ },
+ {
+ "version": "2.0",
+ "baseScore": 3.3,
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "baseSeverity": "LOW"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/1xxx/CVE-2023-1360.json b/2023/1xxx/CVE-2023-1360.json
new file mode 100644
index 00000000000..795e63f6fbc
--- /dev/null
+++ b/2023/1xxx/CVE-2023-1360.json
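Review bot: The 3.x vectors in CVE-2023-1359.json rate the cross-site scripting issue `S:U` with `C:N`, which is what produces the 2.4 LOW score. CVSS v3.1 scoring guidance generally treats script that runs in a victim's browser as a scope change with at least low confidentiality impact, so the record may understate the risk; this is hedged because the record does not say whether the `U_NAME` value is stored and rendered to other users. If it is, `"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"` (4.8 MEDIUM) would be the closer fit. `PR:H` itself is consistent with the admin-side Add New User component named in the description.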
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-1360",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file