mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
133 lines
5.4 KiB
JSON
133 lines
5.4 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-0523",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "In CmsEasy bis 7.7.7 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um die Funktion getslide_child_action in der Bibliothek lib/admin/language_admin.php. Durch die Manipulation des Arguments sid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-89 SQL Injection",
|
|
"cweId": "CWE-89"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "n/a",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "CmsEasy",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.3"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.4"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.5"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.6"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "7.7.7"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.250693",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.250693"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.250693",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.250693"
|
|
},
|
|
{
|
|
"url": "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md"
|
|
}
|
|
]
|
|
},
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "V3geD4g (VulDB User)"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 6.3,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 6.3,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 6.5,
|
|
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
|
|
}
|
|
]
|
|
}
|
|
} |