diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49816.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49816.json new file mode 100644 index 00000000000..86a02b47dc6 --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49816.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49816", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-17T11:15:07.210", + "lastModified": "2023-12-17T11:15:07.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair.This issue affects Fix My Feed RSS Repair: from n/a through 1.4.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/fix-my-feed-rss-repair/wordpress-fix-my-feed-rss-repair-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49824.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49824.json new file mode 100644 index 00000000000..ee96e625bb2 --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49824.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49824", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-17T11:15:07.910", + "lastModified": "2023-12-17T11:15:07.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/product-catalog-feed/wordpress-product-catalog-feed-by-pixelyoursite-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-498xx/CVE-2023-49834.json b/CVE-2023/CVE-2023-498xx/CVE-2023-49834.json new file mode 100644 index 00000000000..86d237e4087 --- /dev/null +++ b/CVE-2023/CVE-2023-498xx/CVE-2023-49834.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-49834", + "sourceIdentifier": "audit@patchstack.com", + "published": "2023-12-17T11:15:08.133", + "lastModified": "2023-12-17T11:15:08.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX \u2013 Currency Switcher Professional for WooCommerce.This issue affects FOX \u2013 Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce-currency-switcher/wordpress-fox-currency-switcher-professional-for-woocommerce-plugin-1-4-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6898.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6898.json new file mode 100644 index 00000000000..9978376c5f5 --- /dev/null +++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6898.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2023-6898", + "sourceIdentifier": "cna@vuldb.com", + "published": "2023-12-17T11:15:08.327", + "lastModified": "2023-12-17T11:15:08.327", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.248256", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.248256", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3d8093c138f..be040336ee0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-12-17T11:00:24.006058+00:00 +2023-12-17T13:00:24.844058+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-12-17T10:15:08.260000+00:00 +2023-12-17T11:15:08.327000+00:00 ``` ### Last Data Feed Release @@ -29,18 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -233558 +233562 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `4` -* [CVE-2023-24380](CVE-2023/CVE-2023-243xx/CVE-2023-24380.json) (`2023-12-17T10:15:07.430`) -* [CVE-2023-49751](CVE-2023/CVE-2023-497xx/CVE-2023-49751.json) (`2023-12-17T10:15:07.667`) -* [CVE-2023-49769](CVE-2023/CVE-2023-497xx/CVE-2023-49769.json) (`2023-12-17T10:15:07.880`) -* [CVE-2023-49775](CVE-2023/CVE-2023-497xx/CVE-2023-49775.json) (`2023-12-17T10:15:08.070`) -* [CVE-2023-6896](CVE-2023/CVE-2023-68xx/CVE-2023-6896.json) (`2023-12-17T10:15:08.260`) +* [CVE-2023-49816](CVE-2023/CVE-2023-498xx/CVE-2023-49816.json) (`2023-12-17T11:15:07.210`) +* [CVE-2023-49824](CVE-2023/CVE-2023-498xx/CVE-2023-49824.json) (`2023-12-17T11:15:07.910`) +* [CVE-2023-49834](CVE-2023/CVE-2023-498xx/CVE-2023-49834.json) (`2023-12-17T11:15:08.133`) +* [CVE-2023-6898](CVE-2023/CVE-2023-68xx/CVE-2023-6898.json) (`2023-12-17T11:15:08.327`) ### CVEs modified in the last Commit