From 072d68172a6affe6c04faa77c9236c6502d86262 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 19 Apr 2025 14:03:52 +0000
Subject: [PATCH] Auto-Update: 2025-04-19T14:00:19.719467+00:00
---
CVE-2025/CVE-2025-38xx/CVE-2025-3800.json | 141 ++++++++++++++++++++++
README.md | 12 +-
_state.csv | 7 +-
3 files changed, 150 insertions(+), 10 deletions(-)
create mode 100644 CVE-2025/CVE-2025-38xx/CVE-2025-3800.json
diff --git a/CVE-2025/CVE-2025-38xx/CVE-2025-3800.json b/CVE-2025/CVE-2025-38xx/CVE-2025-3800.json
new file mode 100644
index 00000000000..e1cd1affed9
--- /dev/null
+++ b/CVE-2025/CVE-2025-38xx/CVE-2025-3800.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-3800", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-19T12:15:13.913", + "lastModified": "2025-04-19T12:15:13.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": 
"NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/IceFoxH/VULN/issues/14", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.305653", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.305653", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.554698", + "source": 
"cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 89ae53e25c4..a4b3deff296 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-19T12:00:22.886766+00:00 +2025-04-19T14:00:19.719467+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-19T11:15:48.967000+00:00 +2025-04-19T12:15:13.913000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -290905 +290906 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `1` -- [CVE-2025-3661](CVE-2025/CVE-2025-36xx/CVE-2025-3661.json) (`2025-04-19T10:15:14.200`) -- [CVE-2025-3798](CVE-2025/CVE-2025-37xx/CVE-2025-3798.json) (`2025-04-19T10:15:15.470`) -- [CVE-2025-3799](CVE-2025/CVE-2025-37xx/CVE-2025-3799.json) (`2025-04-19T11:15:48.967`) +- [CVE-2025-3800](CVE-2025/CVE-2025-38xx/CVE-2025-3800.json) (`2025-04-19T12:15:13.913`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 7d8da488847..cc103a0d0c2 100644 --- a/_state.csv +++ b/_state.csv 
@@ -290670,7 +290670,7 @@ CVE-2025-3619,0,0,293c2369eeb799ada0ad11425c8ed32f87c6c646f1c3261326f845aaabedee CVE-2025-3620,0,0,d8aa01c605b07a603d6961b3879b3ecdfe6e401672f5e6bb60b8a094d603532e,2025-04-17T20:21:48.243000 CVE-2025-3622,0,0,6b7db9933e6b248f0000367113483a5e806bad53678214380c37af6b793ac885,2025-04-15T18:39:27.967000 CVE-2025-3651,0,0,0d88deff7ea7df5b2f76479933db1e164c52ae4da2ee01153c4c1f7101550c92,2025-04-17T20:21:48.243000 -CVE-2025-3661,1,1,15727507d1a37434425fd2712c82b40186b882129509bef509b9af8fb04a397f,2025-04-19T10:15:14.200000 +CVE-2025-3661,0,0,15727507d1a37434425fd2712c82b40186b882129509bef509b9af8fb04a397f,2025-04-19T10:15:14.200000 CVE-2025-36625,0,0,c1db7c1a963afe52868bb904c563f127fd3394c5cd64dc18e741c4bc19d0e0af,2025-04-18T20:15:16.807000 CVE-2025-3663,0,0,1ce80bfc94e480b50f27d0432deca8fffb2ad8de6b84f90469934d90488bc703,2025-04-16T13:25:37.340000 CVE-2025-3664,0,0,1768dbec432a631292ab0792b91b23e446ed218ac7ee245b57fd6eb101bb8145,2025-04-16T14:15:27.827000 
@@ -290736,8 +290736,9 @@ CVE-2025-37925,0,0,16b230f701d07f2c578aa7357bd99e9bbcc9802a209b6e6456fe6a2cd5655 CVE-2025-3795,0,0,edf2a9c3fd7e208adcda7edcd2cf7ef06142dc08ad91d453d52364343c8848d5,2025-04-18T21:15:44.397000 CVE-2025-3796,0,0,cabc6bd1b4cfa4a61fa0a09aee4d8aedffdba9c4f2c2b4dcb80a71bf171ea3e3,2025-04-18T21:15:44.510000 CVE-2025-3797,0,0,dc74c58e912ecadafabc19b2658c869de58f7d56dcc527f1bfb1cbc6524b7d94,2025-04-19T07:15:13.250000 -CVE-2025-3798,1,1,49bede486667491bd386d9371a86ace9dd4957610b395db7d0b1355696e9b2e5,2025-04-19T10:15:15.470000 -CVE-2025-3799,1,1,a7ff078c0a124529743a62bee727512421125a7cf086d3f94578c1d7ab6fdb6a,2025-04-19T11:15:48.967000 +CVE-2025-3798,0,0,49bede486667491bd386d9371a86ace9dd4957610b395db7d0b1355696e9b2e5,2025-04-19T10:15:15.470000 +CVE-2025-3799,0,0,a7ff078c0a124529743a62bee727512421125a7cf086d3f94578c1d7ab6fdb6a,2025-04-19T11:15:48.967000 +CVE-2025-3800,1,1,5a8dd97821b67d356a95921757917e897c3845e23e6878e79795ab927b8af28b,2025-04-19T12:15:13.913000 CVE-2025-38049,0,0,7676e0b60d8c855a8dd99b4b359c4fa0a814b8ab512b074750cfe511fcf6fb68,2025-04-18T07:15:43.187000 CVE-2025-3809,0,0,f5fbe405d13683c6b73ef7af09c5f40188da9234689ff8ec610595967a32a1cd,2025-04-19T06:15:19.960000 CVE-2025-38104,0,0,aac46924a4c28c51faaf99f75d4c0a5d0a65a1747d000155ea8b633f4bfe56a7,2025-04-18T07:15:43.290000