admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-04-10 20:02:15 +00:00
parent 363baab483
commit fe59f30007
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
10 changed files with 500 additions and 256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
2021/46xxx/CVE-2021-46905.json
View File

@ -38,21 +38,6 @@
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "a462067d7c8e",
"version_value": "5871761c5f0f"
},
{
"version_affected": "<",
"version_name": "145c89c441d2",
"version_value": "0c71d4c89559"
},
{
"version_affected": "<",
"version_name": "caf5ac93b3b5",
"version_value": "24b699bea755"
},
{
"version_affected": "<",
"version_name": "92028d7a31e5",
@ -143,21 +128,6 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554"
},
{
"url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e"
},
{
"url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1"
},
{
"url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725",
"refsource": "MISC",
@ -191,6 +161,6 @@
]
},
"generator": {
"engine": "bippy-5f0117140d9a"
"engine": "bippy-e0c11145c45e"
}
}

12
2024/26xxx/CVE-2024-26794.json
View File

@ -48,6 +48,11 @@
"version_name": "89bca7fe6382",
"version_value": "31d07a757c6d"
},
{
"version_affected": "<",
"version_name": "b0ad381fa769",
"version_value": "a1a4a9ca77f1"
},
{
"version_affected": "<",
"version_name": "6.6.24",
@ -78,10 +83,15 @@
"url": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12"
},
{
"url": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec"
}
]
},
"generator": {
"engine": "bippy-e0c11145c45e"
"engine": "bippy-5f0117140d9a"
}
}

22
2024/26xxx/CVE-2024-26800.json
View File

@ -38,6 +38,11 @@
"product_name": "Linux",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "cd1bbca03f3c",
"version_value": "f2b85a4cc763"
},
{
"version_affected": "<",
"version_name": "13eca403876b",
@ -48,6 +53,11 @@
"version_name": "ab6397f072e5",
"version_value": "1ac9fb84bc7e"
},
{
"version_affected": "<",
"version_name": "859054147318",
"version_value": "13114dc55430"
},
{
"version_affected": "<",
"version_name": "6.6.18",
@ -69,6 +79,11 @@
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89"
},
{
"url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe",
"refsource": "MISC",
@ -78,10 +93,15 @@
"url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1"
},
{
"url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0",
"refsource": "MISC",
"name": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0"
}
]
},
"generator": {
"engine": "bippy-e0c11145c45e"
"engine": "bippy-5f0117140d9a"
}
}

79
2024/31xxx/CVE-2024-31851.json
View File

@ -1,17 +1,88 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-31851",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "CData",
"product": {
"product_data": [
{
"product_name": "Sync",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "23.4.8843"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.tenable.com/security/research/tra-2024-09",
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2024-09"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}

103
2024/3xxx/CVE-2024-3298.json
View File

@ -1,112 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3298",
"ASSIGNER": "3DS.Information-Security@3ds.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')",
"cweId": "CWE-843"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dassault Syst\u00e8mes",
"product": {
"product_data": [
{
"product_name": "eDrawings",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Release SOLIDWORKS 2023 SP0",
"version_value": "Release SOLIDWORKS 2023 SP5"
},
{
"version_affected": "<=",
"version_name": "Release SOLIDWORKS 2024 SP0",
"version_value": "Release SOLIDWORKS 2024 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"refsource": "MISC",
"name": "https://www.3ds.com/vulnerability/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
},
{
"lang": "en",
"value": "Mat Powell & Michael DePlante (@izobashi) of Trend Micro's Zero Day Initiative"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

108
2024/3xxx/CVE-2024-3299.json
View File

@ -1,117 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3299",
"ASSIGNER": "3DS.Information-Security@3ds.com",
"STATE": "PUBLIC"
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416 Use After Free",
"cweId": "CWE-416"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-908 Use of Uninitialized Resource",
"cweId": "CWE-908"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Dassault Syst\u00e8mes",
"product": {
"product_data": [
{
"product_name": "eDrawings",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "Release SOLIDWORKS 2023 SP0",
"version_value": "Release SOLIDWORKS 2023 SP5"
},
{
"version_affected": "<=",
"version_name": "Release SOLIDWORKS 2024 SP0",
"version_value": "Release SOLIDWORKS 2024 SP1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.3ds.com/vulnerability/advisories",
"refsource": "MISC",
"name": "https://www.3ds.com/vulnerability/advisories"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Mat Powell of Trend Micro Zero Day Initiative"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

100
2024/3xxx/CVE-2024-3351.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3351",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file admin/mod_roomtype/index.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259455."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei admin/mod_roomtype/index.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Aplaya Beach Resort Online Reservation System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259455",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259455"
},
{
"url": "https://vuldb.com/?ctiid.259455",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259455"
},
{
"url": "https://vuldb.com/?submit.310219",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.310219"
},
{
"url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-04",
"refsource": "MISC",
"name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-04"
}
]
},
"credits": [
{
"lang": "en",
"value": "qianzui1004 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3352.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3352",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/mod_comments/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259456."
},
{
"lang": "deu",
"value": "In SourceCodester Aplaya Beach Resort Online Reservation System 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin/mod_comments/index.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Aplaya Beach Resort Online Reservation System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259456",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259456"
},
{
"url": "https://vuldb.com/?ctiid.259456",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259456"
},
{
"url": "https://vuldb.com/?submit.310220",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.310220"
},
{
"url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-05",
"refsource": "MISC",
"name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-05"
}
]
},
"credits": [
{
"lang": "en",
"value": "qianzui1004 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3353.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3353",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/mod_reports/index.php. The manipulation of the argument categ/end leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259457 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei admin/mod_reports/index.php. Dank der Manipulation des Arguments categ/end mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Aplaya Beach Resort Online Reservation System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259457",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259457"
},
{
"url": "https://vuldb.com/?ctiid.259457",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259457"
},
{
"url": "https://vuldb.com/?submit.310221",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.310221"
},
{
"url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-06",
"refsource": "MISC",
"name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-06"
}
]
},
"credits": [
{
"lang": "en",
"value": "qianzui1004 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}

100
2024/3xxx/CVE-2024-3354.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-3354",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/mod_users/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259458 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei admin/mod_users/index.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "Aplaya Beach Resort Online Reservation System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.259458",
"refsource": "MISC",
"name": "https://vuldb.com/?id.259458"
},
{
"url": "https://vuldb.com/?ctiid.259458",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.259458"
},
{
"url": "https://vuldb.com/?submit.310222",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.310222"
},
{
"url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-07",
"refsource": "MISC",
"name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-07"
}
]
},
"credits": [
{
"lang": "en",
"value": "qianzui1004 (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}