diff --git a/2024/25xxx/CVE-2024-25652.json b/2024/25xxx/CVE-2024-25652.json index 17935c52065..f137014601a 100644 --- a/2024/25xxx/CVE-2024-25652.json +++ b/2024/25xxx/CVE-2024-25652.json @@ -1,40 +1,17 @@ { + "data_version": "4.0", + "data_type": "CVE", + "data_format": "MITRE", "CVE_data_meta": { - "ASSIGNER": "security@delinea.com", "ID": "CVE-2024-25652", + "ASSIGNER": "security@delinea.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users." + "value": "In Delinea PAM Secret Server 11.4, it is possible for a user assigned \"Administer Reports\" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users through information obtained from the Custom Legacy Report functionality." } ] }, 
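Review bot: The new `description_data` value states the Report-access precondition twice, as `with access to Report functionality via UNLIMITED ADMIN MODE (with access to the Report functionality)`. The trailing parenthetical is carried over from the old wording and should be dropped so the privilege requirement reads unambiguously. That precondition is what a triager uses to decide who can reach the issue (an `Administer Reports` holder or an Unlimited Admin Mode session, not an ordinary user), so it is worth stating once and cleanly.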
@@ -44,18 +21,101 @@ "description": [ { "lang": "eng", - "value": "n/a" + "value": "CWE-287 Improper Authentication", + "cweId": "CWE-287" } ] } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Delinea", + "product": { + "product_data": [ + { + "product_name": "Secret Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.4" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652", "refsource": "MISC", - "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652", - "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652" + "name": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652" + }, + { + "url": "https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm", + "refsource": "MISC", + "name": "https://docs.delinea.com/online-help/secret-server/release-notes/ssc-rn-2024-02-10.htm" + }, + { + "url": "https://trust.delinea.com/", + "refsource": "MISC", + "name": "https://trust.delinea.com/" + }, + { + "url": "https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin", + "refsource": "MISC", + "name": "https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm?Highlight=unlimited%20admin" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "EXTERNAL" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Follow product hardening guidelines (LINKED) for recommended use of unlimited admin mode, update to Secret Server Cloud versions 2024-02-10 or later. 
" + } + ], + "value": "Follow product hardening guidelines https://https://docs.delinea.com/online-help/secret-server/admin/unlimited-administration-mode/index.htm \u00a0(LINKED) for recommended use of unlimited admin mode, update to Secret Server Cloud versions 2024-02-10 or later." + } + ], + "credits": [ + { + "lang": "en", + "value": "Agenzia Per La Cybersicurezza Nazionale" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2025/47xxx/CVE-2025-47269.json b/2025/47xxx/CVE-2025-47269.json index 14dc38fd505..8a440b1a9ae 100644 --- a/2025/47xxx/CVE-2025-47269.json +++ b/2025/47xxx/CVE-2025-47269.json 
@@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-47269", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker gaining access to the session token. Failure to properly validate the port for a proxy request can result in proxying to an arbitrary domain. The malicious URL `https:///proxy/test@evil.com/path` would be proxied to `test@evil.com/path` where the attacker could exfiltrate a user's session token. Any user who runs code-server with the built-in proxy enabled and clicks on maliciously crafted links that go to their code-server instances with reference to /proxy. Normally this is used to proxy local ports, however the URL can reference the attacker's domain instead, and the connection is then proxied to that domain, which will include sending cookies. With access to the session cookie, the attacker can then log into code-server and have full access to the machine hosting code-server as the user running code-server. This issue has been patched in version 4.99.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')", + "cweId": "CWE-441" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "coder", + "product": { + "product_data": [ + { + "product_name": "code-server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 4.99.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/coder/code-server/security/advisories/GHSA-p483-wpfp-42cj", + "refsource": "MISC", + "name": "https://github.com/coder/code-server/security/advisories/GHSA-p483-wpfp-42cj" + }, + { + "url": "https://github.com/coder/code-server/commit/47d6d3ada5aadef6d221f3d612401eb3dad9299e", + "refsource": "MISC", + "name": "https://github.com/coder/code-server/commit/47d6d3ada5aadef6d221f3d612401eb3dad9299e" + }, + { + "url": "https://github.com/coder/code-server/releases/tag/v4.99.4", + "refsource": "MISC", + "name": "https://github.com/coder/code-server/releases/tag/v4.99.4" + } + ] + }, + "source": { + "advisory": "GHSA-p483-wpfp-42cj", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", + "version": "3.1" } ] } diff --git a/2025/4xxx/CVE-2025-4447.json b/2025/4xxx/CVE-2025-4447.json index e4ce2f46981..95c20a65b7a 100644 --- a/2025/4xxx/CVE-2025-4447.json +++ b/2025/4xxx/CVE-2025-4447.json 
@@ -1,18 +1,76 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4447", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow", + "cweId": "CWE-121" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "OpenJ9", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0.8.0", + "version_value": "0.49.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61", + "refsource": "MISC", + "name": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/61" + }, + { + "url": "https://github.com/eclipse-openj9/openj9/pull/21762", + "refsource": "MISC", + "name": "https://github.com/eclipse-openj9/openj9/pull/21762" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2025/4xxx/CVE-2025-4487.json b/2025/4xxx/CVE-2025-4487.json index c040ef9083d..dcfa36da034 100644 --- a/2025/4xxx/CVE-2025-4487.json +++ b/2025/4xxx/CVE-2025-4487.json 
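Review bot: The description and the `affects` block disagree on the upper bound: the text says `versions up to 0.51`, while `version_data` encodes `"version_affected": "<="` with `"version_value": "0.49.0"` (starting from `"version_name": "0.8.0"`). Tooling that matches on `version_value` would treat releases after 0.49.0 as unaffected even though the prose includes them, so one of the two should be corrected against the referenced pull request. The record also has no `impact` block, so there is no CVSS vector to prioritise on. Since the description says the trigger is a modified on-disk file read at JVM start, a vector that states the access needed to modify that file would help triage.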
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4487", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_member. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in itsourcecode Gym Management System 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei /ajax.php?action=delete_member. Durch Manipulation des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "itsourcecode", + "product": { + "product_data": [ + { + "product_name": "Gym Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.308202", + "refsource": "MISC", + "name": "https://vuldb.com/?id.308202" + }, + { + "url": "https://vuldb.com/?ctiid.308202", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.308202" + }, + { + "url": "https://vuldb.com/?submit.566782", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.566782" + }, + { + "url": "https://github.com/wyl091256/CVE/issues/7", + "refsource": "MISC", + "name": "https://github.com/wyl091256/CVE/issues/7" + }, + { + "url": "https://itsourcecode.com/", + "refsource": "MISC", + "name": "https://itsourcecode.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wyl091256 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4488.json b/2025/4xxx/CVE-2025-4488.json index 457031b5ba4..1b6909d83fb 100644 --- a/2025/4xxx/CVE-2025-4488.json +++ b/2025/4xxx/CVE-2025-4488.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4488", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_package. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In itsourcecode Gym Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /ajax.php?action=delete_package. Mittels dem Manipulieren des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "itsourcecode", + "product": { + "product_data": [ + { + "product_name": "Gym Management System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.308203", + "refsource": "MISC", + "name": "https://vuldb.com/?id.308203" + }, + { + "url": "https://vuldb.com/?ctiid.308203", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.308203" + }, + { + "url": "https://vuldb.com/?submit.566783", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.566783" + }, + { + "url": "https://github.com/wyl091256/CVE/issues/8", + "refsource": "MISC", + "name": "https://github.com/wyl091256/CVE/issues/8" + }, + { + "url": "https://itsourcecode.com/", + "refsource": "MISC", + "name": "https://itsourcecode.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wyl091256 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4489.json b/2025/4xxx/CVE-2025-4489.json index a8de9007f47..1961c2e23b7 100644 --- a/2025/4xxx/CVE-2025-4489.json +++ b/2025/4xxx/CVE-2025-4489.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4489", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Campcodes Online Food Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /routers/user-router.php. The manipulation of the argument t1_verified leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in Campcodes Online Food Ordering System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei /routers/user-router.php. Mittels Manipulieren des Arguments t1_verified mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Food Ordering System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.308204", + "refsource": "MISC", + "name": "https://vuldb.com/?id.308204" + }, + { + "url": "https://vuldb.com/?ctiid.308204", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.308204" + }, + { + "url": "https://vuldb.com/?submit.566784", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.566784" + }, + { + "url": "https://github.com/wyl091256/CVE/issues/9", + "refsource": "MISC", + "name": "https://github.com/wyl091256/CVE/issues/9" + }, + { + "url": "https://www.campcodes.com/", + "refsource": "MISC", + "name": "https://www.campcodes.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wyl091256 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4490.json b/2025/4xxx/CVE-2025-4490.json index 3d4319f4fae..9468a401e1d 100644 --- a/2025/4xxx/CVE-2025-4490.json +++ b/2025/4xxx/CVE-2025-4490.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4490", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /view-ticket-admin.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in Campcodes Online Food Ordering System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /view-ticket-admin.php. Durch das Manipulieren des Arguments ID mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Food Ordering System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.308205", + "refsource": "MISC", + "name": "https://vuldb.com/?id.308205" + }, + { + "url": "https://vuldb.com/?ctiid.308205", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.308205" + }, + { + "url": "https://vuldb.com/?submit.566785", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.566785" + }, + { + "url": "https://github.com/wyl091256/CVE/issues/10", + "refsource": "MISC", + "name": "https://github.com/wyl091256/CVE/issues/10" + }, + { + "url": "https://www.campcodes.com/", + "refsource": "MISC", + "name": "https://www.campcodes.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wyl091256 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4491.json b/2025/4xxx/CVE-2025-4491.json index e46780597f1..6d52136eb80 100644 --- a/2025/4xxx/CVE-2025-4491.json +++ b/2025/4xxx/CVE-2025-4491.json 
@@ -1,17 +1,123 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2025-4491", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticket_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "deu", + "value": "In Campcodes Online Food Ordering System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /routers/ticket-status.php. Durch Manipulieren des Arguments ticket_id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection", + "cweId": "CWE-89" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Injection", + "cweId": "CWE-74" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Campcodes", + "product": { + "product_data": [ + { + "product_name": "Online Food Ordering System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.308206", + "refsource": "MISC", + "name": "https://vuldb.com/?id.308206" + }, + { + "url": "https://vuldb.com/?ctiid.308206", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.308206" + }, + { + "url": "https://vuldb.com/?submit.566786", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.566786" + }, + { + "url": "https://github.com/wyl091256/CVE/issues/11", + "refsource": "MISC", + "name": "https://github.com/wyl091256/CVE/issues/11" + }, + { + "url": "https://www.campcodes.com/", + "refsource": "MISC", + "name": "https://www.campcodes.com/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "wyl091256 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2025/4xxx/CVE-2025-4521.json b/2025/4xxx/CVE-2025-4521.json new file mode 100644 index 00000000000..c20918adbb8 --- /dev/null +++ b/2025/4xxx/CVE-2025-4521.json 
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2025-4521",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file