From b965de772162c7a30f98f0deff675b64cf079567 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 7 Jan 2024 00:00:36 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/0xxx/CVE-2024-0260.json | 95 ++++++++++++++++++++++++++++++++++-- 1 file changed, 91 insertions(+), 4 deletions(-) diff --git a/2024/0xxx/CVE-2024-0260.json b/2024/0xxx/CVE-2024-0260.json index d5ae7c44db9..b9c038a4e2a 100644 --- a/2024/0xxx/CVE-2024-0260.json +++ b/2024/0xxx/CVE-2024-0260.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-0260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816." + }, + { + "lang": "deu", + "value": "Es wurde eine Schwachstelle in SourceCodester Engineers Online Portal 1.0 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei change_password_teacher.php der Komponente Password Change. Mittels Manipulieren mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Session Expiration", + "cweId": "CWE-613" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Engineers Online Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.249816", + "refsource": "MISC", + "name": "https://vuldb.com/?id.249816" + }, + { + "url": "https://vuldb.com/?ctiid.249816", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.249816" + }, + { + "url": "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo", + "refsource": "MISC", + "name": "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "ahmed8199 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 4.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 4.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" } ] }