"-Synchronized-Data."

2025-05-06 10:41:46 +00:00 · 2025-03-02 22:00:31 +00:00 · 2025-03-02 22:00:31 +00:00 · d7f5d120b1
commit d7f5d120b1
parent c5446c7d29
2 changed files with 201 additions and 8 deletions
--- a/2025/1xxx/CVE-2025-1832.json
+++ b/2025/1xxx/CVE-2025-1832.json
@ -1,17 +1,118 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-1832",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "In zj1983 zz bis 2024-8 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion getUserList der Datei src/main/java/com/futvan/z/system/zrole/ZroleAction.java. Durch Beeinflussen des Arguments roleid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "SQL Injection",
+                        "cweId": "CWE-89"
+                    }
+                ]
+            },
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Injection",
+                        "cweId": "CWE-74"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "zj1983",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "zz",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "2024-8"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.298099",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.298099"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.298099",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.298099"
+            },
+            {
+                "url": "https://vuldb.com/?submit.504814",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.504814"
+            },
+            {
+                "url": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8_4%E5%90%8E%E5%8F%B0SQL%E6%B3%A8%E5%85%A5.md",
+                "refsource": "MISC",
+                "name": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8_4%E5%90%8E%E5%8F%B0SQL%E6%B3%A8%E5%85%A5.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Caigo (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 6.5,
+                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }
--- a/2025/1xxx/CVE-2025-1833.json
+++ b/2025/1xxx/CVE-2025-1833.json
@ -1,17 +1,109 @@
 {
+    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2025-1833",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "cna@vuldb.com",
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+            },
+            {
+                "lang": "deu",
+                "value": "Eine kritische Schwachstelle wurde in zj1983 zz bis 2024-8 entdeckt. Davon betroffen ist die Funktion sendNotice der Datei src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java der Komponente HTTP Request Handler. Dank der Manipulation des Arguments url mit unbekannten Daten kann eine server-side request forgery-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Server-Side Request Forgery",
+                        "cweId": "CWE-918"
+                    }
+                ]
+            }
+        ]
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "zj1983",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "zz",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "=",
+                                            "version_value": "2024-8"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://vuldb.com/?id.298100",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?id.298100"
+            },
+            {
+                "url": "https://vuldb.com/?ctiid.298100",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?ctiid.298100"
+            },
+            {
+                "url": "https://vuldb.com/?submit.504833",
+                "refsource": "MISC",
+                "name": "https://vuldb.com/?submit.504833"
+            },
+            {
+                "url": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8%E5%90%8E%E5%8F%B0SSRF.md",
+                "refsource": "MISC",
+                "name": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_2024_8%E5%90%8E%E5%8F%B0SSRF.md"
+            }
+        ]
+    },
+    "credits": [
+        {
+            "lang": "en",
+            "value": "Caigo (VulDB User)"
+        }
+    ],
+    "impact": {
+        "cvss": [
+            {
+                "version": "3.1",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "3.0",
+                "baseScore": 6.3,
+                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+                "baseSeverity": "MEDIUM"
+            },
+            {
+                "version": "2.0",
+                "baseScore": 6.5,
+                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
            }
        ]
    }