diff --git a/2019/25xxx/CVE-2019-25218.json b/2019/25xxx/CVE-2019-25218.json index 937b1018428..293e598c20d 100644 --- a/2019/25xxx/CVE-2019-25218.json +++ b/2019/25xxx/CVE-2019-25218.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-25218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "nik00726", + "product": { + "product_data": [ + { + "product_name": "Photo Gallery Slideshow & Masonry Tiled Gallery", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05ff1b1e-f7ba-485d-9421-9bb38f6831ef?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05ff1b1e-f7ba-485d-9421-9bb38f6831ef?source=cve" + }, + { + "url": "https://wordpress.org/plugins/wp-responsive-photo-gallery/", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-responsive-photo-gallery/" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.3/wp-responsive-photo-gallery.php#L1393", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.3/wp-responsive-photo-gallery.php#L1393" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.4/wp-responsive-photo-gallery.php#L1614", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wp-responsive-photo-gallery/tags/1.0.4/wp-responsive-photo-gallery.php#L1614" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Ala Arfaoui" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" } ] } diff --git a/2024/10xxx/CVE-2024-10131.json b/2024/10xxx/CVE-2024-10131.json index f55e4616fd9..ded9287fc8c 100644 --- a/2024/10xxx/CVE-2024-10131.json +++ b/2024/10xxx/CVE-2024-10131.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-10131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@huntr.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The `add_llm` function in `llm_app.py` in infiniflow/ragflow version 0.11.0 contains a remote code execution (RCE) vulnerability. The function uses user-supplied input `req['llm_factory']` and `req['llm_name']` to dynamically instantiate classes from various model dictionaries. This approach allows an attacker to potentially execute arbitrary code due to the lack of comprehensive input validation or sanitization. An attacker could provide a malicious value for 'llm_factory' that, when used as an index to these model dictionaries, results in the execution of arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "infiniflow", + "product": { + "product_data": [ + { + "product_name": "infiniflow/ragflow", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "unspecified", + "version_value": "latest" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://huntr.com/bounties/42ae0b27-e851-4b58-a991-f691a437fbaa", + "refsource": "MISC", + "name": "https://huntr.com/bounties/42ae0b27-e851-4b58-a991-f691a437fbaa" + } + ] + }, + "source": { + "advisory": "42ae0b27-e851-4b58-a991-f691a437fbaa", + "discovery": "EXTERNAL" + }, + "impact": { + "cvss": [ + { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" } ] } diff --git a/2024/9xxx/CVE-2024-9219.json b/2024/9xxx/CVE-2024-9219.json index 68eea01f435..d722ade1889 100644 --- a/2024/9xxx/CVE-2024-9219.json +++ b/2024/9xxx/CVE-2024-9219.json @@ -1,17 +1,95 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-9219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress Social Share Buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "maxfoundry", + "product": { + "product_data": [ + { + "product_name": "WordPress Social Share Buttons", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "1.19" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b19aa8ca-0ce8-4a9a-8f71-7d7e67e8f99b?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/tags/1.19/share-button/trunk/admin/page_editor.php#L78", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/tags/1.19/share-button/trunk/admin/page_editor.php#L78" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/share-button/tags/1.19/admin/page_editor.php#L60", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/share-button/tags/1.19/admin/page_editor.php#L60" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3171315/", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/3171315/" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Colin Xu" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" } ] }