From b72aa680f12e83e7c9a883734b2fb897ff237494 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 4 Mar 2019 13:07:50 -0500 Subject: [PATCH] - Synchronized data. --- 2019/9xxx/CVE-2019-9566.json | 48 +++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9567.json | 58 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9568.json | 58 ++++++++++++++++++++++++++++++++++-- 3 files changed, 158 insertions(+), 6 deletions(-) diff --git a/2019/9xxx/CVE-2019-9566.json b/2019/9xxx/CVE-2019-9566.json index bb8533e2ab7..2ef78731963 100644 --- a/2019/9xxx/CVE-2019-9566.json +++ b/2019/9xxx/CVE-2019-9566.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9566", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://www.iwantacve.cn/index.php/archives/127/", + "refsource" : "MISC", + "url" : "http://www.iwantacve.cn/index.php/archives/127/" } ] } diff --git a/2019/9xxx/CVE-2019-9567.json b/2019/9xxx/CVE-2019-9567.json index 93462b6b9af..40e4d2fa5a7 100644 --- a/2019/9xxx/CVE-2019-9567.json +++ b/2019/9xxx/CVE-2019-9567.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9567", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The \"Forminator Contact Form, Poll & Quiz Builder\" plugin before 1.6 for WordPress has XSS via a custom input field of a poll." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://lists.openwall.net/full-disclosure/2019/02/05/4", + "refsource" : "MISC", + "url" : "https://lists.openwall.net/full-disclosure/2019/02/05/4" + }, + { + "name" : "https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/", + "refsource" : "MISC", + "url" : "https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/" + }, + { + "name" : "https://wordpress.org/plugins/forminator/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/forminator/#developers" } ] } diff --git a/2019/9xxx/CVE-2019-9568.json b/2019/9xxx/CVE-2019-9568.json index 7244ed51885..a66c4dc8829 100644 --- a/2019/9xxx/CVE-2019-9568.json +++ b/2019/9xxx/CVE-2019-9568.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9568", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The \"Forminator Contact Form, Poll & Quiz Builder\" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://lists.openwall.net/full-disclosure/2019/02/05/4", + "refsource" : "MISC", + "url" : "https://lists.openwall.net/full-disclosure/2019/02/05/4" + }, + { + "name" : "https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/", + "refsource" : "MISC", + "url" : "https://security-consulting.icu/blog/2019/02/wordpress-forminator-persistent-xss-blind-sql-injection/" + }, + { + "name" : "https://wordpress.org/plugins/forminator/#developers", + "refsource" : "MISC", + "url" : "https://wordpress.org/plugins/forminator/#developers" } ] }