From fe59f30007ec7fc6b52f3d0d1578f567608eb56d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 Apr 2024 20:02:15 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/46xxx/CVE-2021-46905.json | 32 +--------- 2024/26xxx/CVE-2024-26794.json | 12 +++- 2024/26xxx/CVE-2024-26800.json | 22 ++++++- 2024/31xxx/CVE-2024-31851.json | 79 ++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3298.json | 103 ++----------------------------- 2024/3xxx/CVE-2024-3299.json | 108 ++------------------------------- 2024/3xxx/CVE-2024-3351.json | 100 ++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3352.json | 100 ++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3353.json | 100 ++++++++++++++++++++++++++++-- 2024/3xxx/CVE-2024-3354.json | 100 ++++++++++++++++++++++++++++-- 10 files changed, 500 insertions(+), 256 deletions(-) diff --git a/2021/46xxx/CVE-2021-46905.json b/2021/46xxx/CVE-2021-46905.json index 911bc33950d..8eccd92b138 100644 --- a/2021/46xxx/CVE-2021-46905.json +++ b/2021/46xxx/CVE-2021-46905.json @@ -38,21 +38,6 @@ "product_name": "Linux", "version": { "version_data": [ - { - "version_affected": "<", - "version_name": "a462067d7c8e", - "version_value": "5871761c5f0f" - }, - { - "version_affected": "<", - "version_name": "145c89c441d2", - "version_value": "0c71d4c89559" - }, - { - "version_affected": "<", - "version_name": "caf5ac93b3b5", - "version_value": "24b699bea755" - }, { "version_affected": "<", "version_name": "92028d7a31e5", 
@@ -143,21 +128,6 @@ }, "references": { "reference_data": [ - { - "url": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/5871761c5f0f20d6e98bf3b6bd7486d857589554" - }, - { - "url": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/0c71d4c89559f72cec2592d078681a843bce570e" - }, - { - "url": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1", - "refsource": "MISC", - "name": "https://git.kernel.org/stable/c/24b699bea7553fc0b98dad9d864befb6005ac7f1" - }, { "url": "https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725", "refsource": "MISC", @@ -191,6 +161,6 @@ ] }, "generator": { - "engine": "bippy-5f0117140d9a" + "engine": "bippy-e0c11145c45e" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26794.json b/2024/26xxx/CVE-2024-26794.json index df095c6d597..38e67617f2b 100644 --- a/2024/26xxx/CVE-2024-26794.json +++ b/2024/26xxx/CVE-2024-26794.json @@ -48,6 +48,11 @@ "version_name": "89bca7fe6382", "version_value": "31d07a757c6d" }, + { + "version_affected": "<", + "version_name": "b0ad381fa769", + "version_value": "a1a4a9ca77f1" + }, { "version_affected": "<", "version_name": "6.6.24", @@ -78,10 +83,15 @@ "url": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12" + }, + { + "url": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec" } ] }, "generator": { - "engine": "bippy-e0c11145c45e" + "engine": "bippy-5f0117140d9a" } } \ No newline at end of file diff --git a/2024/26xxx/CVE-2024-26800.json b/2024/26xxx/CVE-2024-26800.json index 4f174045040..39df6726598 100644 
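Review bot: The `generator.engine` value does not move in one direction in this commit. CVE-2024-26794.json and CVE-2024-26800.json go from `bippy-e0c11145c45e` to `bippy-5f0117140d9a` and gain version ranges and references, while CVE-2021-46905.json goes from `bippy-5f0117140d9a` to `bippy-e0c11145c45e` and loses three ranges together with their `git.kernel.org/stable/c/` references. That pattern suggests two generator builds are alternately rewriting records, although the diff alone cannot confirm it. Until one build is known to be authoritative, consumers that match kernels against `version_data` should not read a dropped range such as `a462067d7c8e` to `5871761c5f0f` as evidence that a branch is unaffected. It would help if the commit description named the generator build behind each record.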
--- a/2024/26xxx/CVE-2024-26800.json +++ b/2024/26xxx/CVE-2024-26800.json @@ -38,6 +38,11 @@ "product_name": "Linux", "version": { "version_data": [ + { + "version_affected": "<", + "version_name": "cd1bbca03f3c", + "version_value": "f2b85a4cc763" + }, { "version_affected": "<", "version_name": "13eca403876b", @@ -48,6 +53,11 @@ "version_name": "ab6397f072e5", "version_value": "1ac9fb84bc7e" }, + { + "version_affected": "<", + "version_name": "859054147318", + "version_value": "13114dc55430" + }, { "version_affected": "<", "version_name": "6.6.18", @@ -69,6 +79,11 @@ }, "references": { "reference_data": [ + { + "url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89" + }, { "url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe", "refsource": "MISC", @@ -78,10 +93,15 @@ "url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1", "refsource": "MISC", "name": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1" + }, + { + "url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0", + "refsource": "MISC", + "name": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0" } ] }, "generator": { - "engine": "bippy-e0c11145c45e" + "engine": "bippy-5f0117140d9a" } } \ No newline at end of file diff --git a/2024/31xxx/CVE-2024-31851.json b/2024/31xxx/CVE-2024-31851.json index 167c7a386e4..f29c23f776c 100644 --- a/2024/31xxx/CVE-2024-31851.json +++ b/2024/31xxx/CVE-2024-31851.json 
@@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-31851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CData", + "product": { + "product_data": [ + { + "product_name": "Sync", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "0", + "version_value": "23.4.8843" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.tenable.com/security/research/tra-2024-09", + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2024-09" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": 
"NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" } ] } diff --git a/2024/3xxx/CVE-2024-3298.json b/2024/3xxx/CVE-2024-3298.json index e45cd12c66a..04b21eaca9b 100644 --- a/2024/3xxx/CVE-2024-3298.json +++ b/2024/3xxx/CVE-2024-3298.json 
@@ -1,112 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3298", - "ASSIGNER": "3DS.Information-Security@3ds.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Out-Of-Bounds Write and Type Confusion vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF. NOTE: this vulnerability was SPLIT from CVE-2024-1847." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787 Out-of-bounds Write", - "cweId": "CWE-787" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')", - "cweId": "CWE-843" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Dassault Syst\u00e8mes", - "product": { - "product_data": [ - { - "product_name": "eDrawings", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2023 SP0", - "version_value": "Release SOLIDWORKS 2023 SP5" - }, - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2024 SP0", - "version_value": "Release SOLIDWORKS 2024 SP1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.3ds.com/vulnerability/advisories", - "refsource": "MISC", - "name": "https://www.3ds.com/vulnerability/advisories" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - "value": "Mat Powell of Trend Micro Zero Day Initiative" - }, - { - "lang": "en", - "value": "Mat Powell & Michael DePlante 
(@izobashi) of Trend Micro's Zero Day Initiative" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "HIGH", - "baseScore": 7.8, - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3299.json b/2024/3xxx/CVE-2024-3299.json index ce56ab623d7..adad00f79d7 100644 --- a/2024/3xxx/CVE-2024-3299.json +++ b/2024/3xxx/CVE-2024-3299.json 
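Review bot: This record goes from `"STATE": "PUBLIC"`, with a full description, two CWE entries, affected eDrawings releases and a 7.8 CVSS vector, back to `"STATE": "RESERVED"` with `"ASSIGNER": "cve@mitre.org"`. CVE-2024-3299.json is rolled back the same way. The removed text said the ID was SPLIT from CVE-2024-1847, so feeds that mirror this repository lose the structured data published under these IDs with no stated reason. If the rollback is intended, the commit description should say why; if the IDs were withdrawn, a record that says so would serve consumers better than the generic reserved placeholder. Downstream tooling should keep its last known PUBLIC data rather than treat the state change as a fix.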
@@ -1,117 +1,17 @@ { - "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", + "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3299", - "ASSIGNER": "3DS.Information-Security@3ds.com", - "STATE": "PUBLIC" + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" }, "description": { "description_data": [ { "lang": "eng", - "value": "Out-Of-Bounds Write, Use of Uninitialized Resource and Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted SLDDRW or SLDPRT file. NOTE: this vulnerability was SPLIT from CVE-2024-1847." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416 Use After Free", - "cweId": "CWE-416" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-787 Out-of-bounds Write", - "cweId": "CWE-787" - } - ] - }, - { - "description": [ - { - "lang": "eng", - "value": "CWE-908 Use of Uninitialized Resource", - "cweId": "CWE-908" - } - ] - } - ] - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Dassault Syst\u00e8mes", - "product": { - "product_data": [ - { - "product_name": "eDrawings", - "version": { - "version_data": [ - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2023 SP0", - "version_value": "Release SOLIDWORKS 2023 SP5" - }, - { - "version_affected": "<=", - "version_name": "Release SOLIDWORKS 2024 SP0", - "version_value": "Release SOLIDWORKS 2024 SP1" - } - ] - } - } - ] - } - } - ] - } - }, - "references": { - "reference_data": [ - { - "url": "https://www.3ds.com/vulnerability/advisories", - "refsource": "MISC", - "name": "https://www.3ds.com/vulnerability/advisories" - } - ] - }, - "generator": { - "engine": "Vulnogram 0.1.0-dev" - }, - "source": { - "discovery": "EXTERNAL" - }, - "credits": [ - { - "lang": "en", - 
"value": "Mat Powell of Trend Micro Zero Day Initiative" - } - ], - "impact": { - "cvss": [ - { - "version": "3.1", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "HIGH", - "baseScore": 7.8, - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] } diff --git a/2024/3xxx/CVE-2024-3351.json b/2024/3xxx/CVE-2024-3351.json index 3af66527232..9fc89d985c3 100644 --- a/2024/3xxx/CVE-2024-3351.json +++ b/2024/3xxx/CVE-2024-3351.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3351", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability, which was classified as critical, was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. This affects an unknown part of the file admin/mod_roomtype/index.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259455." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 gefunden. Es betrifft eine unbekannte Funktion der Datei admin/mod_roomtype/index.php. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259455", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259455" + }, + { + "url": "https://vuldb.com/?ctiid.259455", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259455" + }, + { + "url": "https://vuldb.com/?submit.310219", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310219" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-04", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-04" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3352.json b/2024/3xxx/CVE-2024-3352.json index a9cdb862e01..dfc65a49bd9 100644 --- a/2024/3xxx/CVE-2024-3352.json +++ b/2024/3xxx/CVE-2024-3352.json 
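Review bot: The English description says the issue was "classified as critical", while every `impact.cvss` entry that carries a rating says `"baseSeverity": "HIGH"` (7.3 for versions 3.1 and 3.0). The same mismatch appears in CVE-2024-3352.json, CVE-2024-3353.json and CVE-2024-3354.json. Consumers that derive severity from the description text will disagree with those that read the CVSS block, so prioritisation should key on `vectorString` and `baseScore`. The `2.0` entry also has no `baseSeverity`, so parsers should not assume the key is present in every element of `cvss`. Dropping the rating word from the description would remove the ambiguity.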
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3352", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/mod_comments/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259456." + }, + { + "lang": "deu", + "value": "In SourceCodester Aplaya Beach Resort Online Reservation System 1.0 wurde eine kritische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei admin/mod_comments/index.php. Durch Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259456", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259456" + }, + { + "url": "https://vuldb.com/?ctiid.259456", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259456" + }, + { + "url": "https://vuldb.com/?submit.310220", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310220" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-05", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-05" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3353.json b/2024/3xxx/CVE-2024-3353.json index cd7353d6369..42e158a56cb 100644 --- a/2024/3xxx/CVE-2024-3353.json +++ b/2024/3xxx/CVE-2024-3353.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3353", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/mod_reports/index.php. The manipulation of the argument categ/end leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259457 was assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Eine kritische Schwachstelle wurde in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 gefunden. Dies betrifft einen unbekannten Teil der Datei admin/mod_reports/index.php. Dank der Manipulation des Arguments categ/end mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259457", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259457" + }, + { + "url": "https://vuldb.com/?ctiid.259457", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259457" + }, + { + "url": "https://vuldb.com/?submit.310221", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310221" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-06", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-06" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] } diff --git a/2024/3xxx/CVE-2024-3354.json b/2024/3xxx/CVE-2024-3354.json index 2b7399e9dd9..0f70841c770 100644 --- a/2024/3xxx/CVE-2024-3354.json +++ b/2024/3xxx/CVE-2024-3354.json 
@@ -1,17 +1,109 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-3354", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in SourceCodester Aplaya Beach Resort Online Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/mod_users/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259458 is the identifier assigned to this vulnerability." + }, + { + "lang": "deu", + "value": "Es wurde eine kritische Schwachstelle in SourceCodester Aplaya Beach Resort Online Reservation System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei admin/mod_users/index.php. Dank Manipulation des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89 SQL Injection", + "cweId": "CWE-89" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SourceCodester", + "product": { + "product_data": [ + { + "product_name": "Aplaya Beach Resort Online Reservation System", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.259458", + "refsource": "MISC", + "name": "https://vuldb.com/?id.259458" + }, + { + "url": "https://vuldb.com/?ctiid.259458", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.259458" + }, + { + "url": "https://vuldb.com/?submit.310222", + "refsource": "MISC", + "name": "https://vuldb.com/?submit.310222" + }, + { + "url": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-07", + "refsource": "MISC", + "name": "https://github.com/qqqyc/vlun1/blob/main/Aplaya-Beach-Resort-Online-Reservation-System-07" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "qianzui1004 (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + }, + { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" } ] }