diff --git a/2022/2xxx/CVE-2022-2811.json b/2022/2xxx/CVE-2022-2811.json index 8f7bb988147..d03128ed1ec 100644 --- a/2022/2xxx/CVE-2022-2811.json +++ b/2022/2xxx/CVE-2022-2811.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2811", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Guest Management System myform.php cross site scripting", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Guest Management System", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in SourceCodester Guest Management System. This affects an unknown part of the file myform.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206397 was assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "3.5", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:N\/I:L\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/s1.ax1x.com\/2022\/08\/13\/vtDEFO.png" + }, + { + "url": "https:\/\/vuldb.com\/?id.206397" } ] } diff --git a/2022/2xxx/CVE-2022-2812.json b/2022/2xxx/CVE-2022-2812.json index 1299ac5c61d..ce8b40fd69a 100644 --- a/2022/2xxx/CVE-2022-2812.json +++ b/2022/2xxx/CVE-2022-2812.json @@ -4,14 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2812", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Guest Management System index.php sql injection", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Guest Management System", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as critical was found in SourceCodester Guest Management System. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username\/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-206398 is the identifier assigned to this vulnerability." + } + ] + }, + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "7.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:L" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/s1.ax1x.com\/2022\/08\/13\/vtDVYD.png" + }, + { + "url": "https:\/\/vuldb.com\/?id.206398" } ] } diff --git a/2022/2xxx/CVE-2022-2813.json b/2022/2xxx/CVE-2022-2813.json index c6a950a0a1b..ae23b74c6e1 100644 --- a/2022/2xxx/CVE-2022-2813.json +++ b/2022/2xxx/CVE-2022-2813.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-2813", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "TITLE": "SourceCodester Guest Management System cleartext storage", + "REQUESTER": "cna@vuldb.com", + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" + }, + "generator": "vuldb.com", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Guest Management System", + "version": { + "version_data": [ + { + "version_value": "n\/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-312 Cleartext Storage of Sensitive Information" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. Affected is an unknown function. The manipulation leads to cleartext storage of passwords in the database. The identifier of this vulnerability is VDB-206400." + } + ] + }, + "credit": "Marc Ruef", + "impact": { + "cvss": { + "version": "3.1", + "baseScore": "4.3", + "vectorString": "CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:L\/I:N\/A:N" + } + }, + "references": { + "reference_data": [ + { + "url": "https:\/\/vuldb.com\/?id.206400" } ] }