diff --git a/2023/48xxx/CVE-2023-48298.json b/2023/48xxx/CVE-2023-48298.json index 47db0a9874e..5a4868ae0cb 100644 --- a/2023/48xxx/CVE-2023-48298.json +++ b/2023/48xxx/CVE-2023-48298.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48298", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClickHouse\u00ae is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered and exploited by an unauthenticated attacker. The vulnerability is very similar to CVE-2023-47118 with how the vulnerable function can be exploited.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-191: Integer Underflow (Wrap or Wraparound)", + "cweId": "CWE-191" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ClickHouse", + "product": { + "product_data": [ + { + "product_name": "ClickHouse", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 23.10.2.14" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938", + "refsource": "MISC", + "name": "https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-qw9f-qv29-8938" + }, + { + "url": "https://github.com/ClickHouse/ClickHouse/pull/56795", + "refsource": "MISC", + "name": "https://github.com/ClickHouse/ClickHouse/pull/56795" + } + ] + }, + "source": { + "advisory": "GHSA-qw9f-qv29-8938", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" } ] } diff --git a/2023/48xxx/CVE-2023-48308.json b/2023/48xxx/CVE-2023-48308.json index 979b3818918..037d03f84b4 100644 --- a/2023/48xxx/CVE-2023-48308.json +++ b/2023/48xxx/CVE-2023-48308.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48308", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information", + "cweId": "CWE-1258" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nextcloud", + "product": { + "product_data": [ + { + "product_name": "security-advisories", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": ">= 3.0.0, < 4.5.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fv3c-qvjr-5rv8", + "refsource": "MISC", + "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fv3c-qvjr-5rv8" + }, + { + "url": "https://github.com/nextcloud/calendar/pull/5553", + "refsource": "MISC", + "name": "https://github.com/nextcloud/calendar/pull/5553" + } + ] + }, + "source": { + "advisory": "GHSA-fv3c-qvjr-5rv8", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49084.json b/2023/49xxx/CVE-2023-49084.json index f9e785ca4b7..a0a501e0063 100644 --- a/2023/49xxx/CVE-2023-49084.json +++ b/2023/49xxx/CVE-2023-49084.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49084", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. Impact of the vulnerability execution of arbitrary code on the server. " + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", + "cweId": "CWE-98" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cacti", + "product": { + "product_data": [ + { + "product_name": "cacti", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "= 1.2.25" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp" + } + ] + }, + "source": { + "advisory": "GHSA-pfh9-gwm6-86vp", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49086.json b/2023/49xxx/CVE-2023-49086.json index 4824aec7a24..9631f8ee842 100644 --- a/2023/49xxx/CVE-2023-49086.json +++ b/2023/49xxx/CVE-2023-49086.json @@ -1,17 +1,85 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49086", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack.\nExploitation of the vulnerability is possible for an authorized user. The vulnerable component is\nthe `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in\nthe attacked user's browser. This issue has been patched in version 1.2.26.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cacti", + "product": { + "product_data": [ + { + "product_name": "cacti", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "<= 1.2.25" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr" + } + ] + }, + "source": { + "advisory": "GHSA-wc73-r2vw-59pr", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49680.json b/2023/49xxx/CVE-2023-49680.json index a4cc8b6577c..448d68b1914 100644 --- a/2023/49xxx/CVE-2023-49680.json +++ b/2023/49xxx/CVE-2023-49680.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49681.json b/2023/49xxx/CVE-2023-49681.json index 526e6c45faa..a4118551e5c 100644 --- a/2023/49xxx/CVE-2023-49681.json +++ b/2023/49xxx/CVE-2023-49681.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'cmbQual' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49682.json b/2023/49xxx/CVE-2023-49682.json index aa23fac6efb..f81dd2838ec 100644 --- a/2023/49xxx/CVE-2023-49682.json +++ b/2023/49xxx/CVE-2023-49682.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDate' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49683.json b/2023/49xxx/CVE-2023-49683.json index 881a9d89140..b37a689d451 100644 --- a/2023/49xxx/CVE-2023-49683.json +++ b/2023/49xxx/CVE-2023-49683.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtDesc' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49684.json b/2023/49xxx/CVE-2023-49684.json index 10794b8af9c..635649ed933 100644 --- a/2023/49xxx/CVE-2023-49684.json +++ b/2023/49xxx/CVE-2023-49684.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTitle' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49685.json b/2023/49xxx/CVE-2023-49685.json index 2e52cc01c1c..4d459a0691b 100644 --- a/2023/49xxx/CVE-2023-49685.json +++ b/2023/49xxx/CVE-2023-49685.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTime' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49686.json b/2023/49xxx/CVE-2023-49686.json index 3d00f9e8d23..3f620ec5e60 100644 --- a/2023/49xxx/CVE-2023-49686.json +++ b/2023/49xxx/CVE-2023-49686.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtTotal' parameter of the Employer/InsertWalkin.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49687.json b/2023/49xxx/CVE-2023-49687.json index eb2c55a3c56..43b7ff3d453 100644 --- a/2023/49xxx/CVE-2023-49687.json +++ b/2023/49xxx/CVE-2023-49687.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtPass' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49688.json b/2023/49xxx/CVE-2023-49688.json index eaa0062444b..619c15aba48 100644 --- a/2023/49xxx/CVE-2023-49688.json +++ b/2023/49xxx/CVE-2023-49688.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'txtUser' parameter of the login.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49689.json b/2023/49xxx/CVE-2023-49689.json index 65240cc1bcb..273a2ccbec4 100644 --- a/2023/49xxx/CVE-2023-49689.json +++ b/2023/49xxx/CVE-2023-49689.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'JobId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/49xxx/CVE-2023-49690.json b/2023/49xxx/CVE-2023-49690.json index 9fe33520a4a..a294aeafddf 100644 --- a/2023/49xxx/CVE-2023-49690.json +++ b/2023/49xxx/CVE-2023-49690.json @@ -1,17 +1,92 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-49690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "help@fluidattacks.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.\u00a0The 'WalkinId' parameter of the Employer/DeleteJob.php resource\u00a0does not validate the characters received and they\u00a0are sent unfiltered to the database.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Kashipara Group", + "product": { + "product_data": [ + { + "product_name": "Job Portal", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://fluidattacks.com/advisories/pollini/", + "refsource": "MISC", + "name": "https://fluidattacks.com/advisories/pollini/" + }, + { + "url": "https://www.kashipara.com/", + "refsource": "MISC", + "name": "https://www.kashipara.com/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/7xxx/CVE-2023-7073.json b/2023/7xxx/CVE-2023-7073.json new file mode 100644 index 00000000000..73fc5cbd339 --- /dev/null +++ b/2023/7xxx/CVE-2023-7073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-7073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file