diff --git a/2018/19xxx/CVE-2018-19220.json b/2018/19xxx/CVE-2018-19220.json new file mode 100644 index 00000000000..8ce8cdfad43 --- /dev/null +++ b/2018/19xxx/CVE-2018-19220.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19220", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#getshell", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#getshell" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19221.json b/2018/19xxx/CVE-2018-19221.json new file mode 100644 index 00000000000..c22b2370c12 --- /dev/null +++ b/2018/19xxx/CVE-2018-19221.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19221", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows SQL Injection via the admin/login.php guanliyuan parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#sql-injection", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#sql-injection" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19222.json b/2018/19xxx/CVE-2018-19222.json new file mode 100644 index 00000000000..a74d0657f4e --- /dev/null +++ b/2018/19xxx/CVE-2018-19222.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19222", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to reset the admin password, even if install.txt exists." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#reset-admin-password", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#reset-admin-password" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19223.json b/2018/19xxx/CVE-2018-19223.json new file mode 100644 index 00000000000..62be2a8b56f --- /dev/null +++ b/2018/19xxx/CVE-2018-19223.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19223", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19224.json b/2018/19xxx/CVE-2018-19224.json new file mode 100644 index 00000000000..37b7d657806 --- /dev/null +++ b/2018/19xxx/CVE-2018-19224.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19224", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#unauthorized-access" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19225.json b/2018/19xxx/CVE-2018-19225.json new file mode 100644 index 00000000000..0c5b8bb1e00 --- /dev/null +++ b/2018/19xxx/CVE-2018-19225.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19225", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. admin/mima.php has CSRF." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#csrf", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#csrf" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19226.json b/2018/19xxx/CVE-2018-19226.json new file mode 100644 index 00000000000..8dd9f7cd914 --- /dev/null +++ b/2018/19xxx/CVE-2018-19226.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19226", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to list .txt files via a direct request for the /data/0/admin.txt URI." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#info_exp", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#info_exp" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19227.json b/2018/19xxx/CVE-2018-19227.json new file mode 100644 index 00000000000..c10ea78b358 --- /dev/null +++ b/2018/19xxx/CVE-2018-19227.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19227", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/liuyan.php neirong[] parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss1", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss1" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19228.json b/2018/19xxx/CVE-2018-19228.json new file mode 100644 index 00000000000..1c8aa32abb0 --- /dev/null +++ b/2018/19xxx/CVE-2018-19228.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19228", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows arbitrary file deletion via ../ directory traversal in the admin/pic.php del parameter, as demonstrated by deleting install/install.txt to permit a reinstallation." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#del-file" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19229.json b/2018/19xxx/CVE-2018-19229.json new file mode 100644 index 00000000000..49cad9ae627 --- /dev/null +++ b/2018/19xxx/CVE-2018-19229.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19229", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the admin/art.php?typeid=1 biaoti parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss3", + "refsource" : "MISC", + "url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss3" + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19230.json b/2018/19xxx/CVE-2018-19230.json new file mode 100644 index 00000000000..34e1f288ef5 --- /dev/null +++ b/2018/19xxx/CVE-2018-19230.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19230", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19231.json b/2018/19xxx/CVE-2018-19231.json new file mode 100644 index 00000000000..3c543256a1f --- /dev/null +++ b/2018/19xxx/CVE-2018-19231.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19231", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/19xxx/CVE-2018-19232.json b/2018/19xxx/CVE-2018-19232.json new file mode 100644 index 00000000000..9ec774b1d99 --- /dev/null +++ b/2018/19xxx/CVE-2018-19232.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19232", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}