From 1ff93a7e41af910b7217e4f048e2b42b45ca6988 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 28 Jul 2024 10:03:11 +0000
Subject: [PATCH] Auto-Update: 2024-07-28T10:00:17.122330+00:00
---
 CVE-2024/CVE-2024-37xx/CVE-2024-3768.json | 52 ++++++++++++++++++++++-
 README.md | 11 +++--
 _state.csv | 6 +--
 3 files changed, 58 insertions(+), 11 deletions(-)
diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json
index 8376708e2fb..b876d55d5bd 100644
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-3768",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-04-15T04:15:15.673",
- "lastModified": "2024-05-17T02:40:07.203",
+ "lastModified": "2024-07-28T08:15:01.760",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615."
+ "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615."
 },
 {
 "lang": "es",
@@ -16,6 +16,50 @@
 }
 ],
 "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
 "cvssMetricV31": [
 {
 "source": "cna@vuldb.com",
@@ -81,6 +125,10 @@
 "url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md",
 "source": "cna@vuldb.com"
 },
+ {
+ "url": "https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.260615",
 "source": "cna@vuldb.com"
diff --git a/README.md b/README.md
index 33f0f591075..9c1baf47202 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-07-28T06:00:17.515021+00:00
+2024-07-28T10:00:17.122330+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-07-28T04:15:01.980000+00:00
+2024-07-28T08:15:01.760000+00:00
 ```
 ### Last Data Feed Release
@@ -38,16 +38,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `0`
-- [CVE-2024-42054](CVE-2024/CVE-2024-420xx/CVE-2024-42054.json) (`2024-07-28T04:15:01.893`)
-- [CVE-2024-42055](CVE-2024/CVE-2024-420xx/CVE-2024-42055.json) (`2024-07-28T04:15:01.980`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
+- [CVE-2024-3768](CVE-2024/CVE-2024-37xx/CVE-2024-3768.json) (`2024-07-28T08:15:01.760`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index 0bf2ac0fd75..05c304546ae 100644
--- a/_state.csv
+++ b/_state.csv
@@ -254398,7 +254398,7 @@ CVE-2024-37676,0,0,6ad8fad417258eaeed295e3f1a6b5e0c3c6a74f03ac9d56176a4f958490ee
 CVE-2024-37677,0,0,5a3d710b80c82f02ba319a70df287c39fb486869f56126fd4a5509c1adbddf16,2024-07-03T02:04:35.833000
 CVE-2024-37678,0,0,b53cf5e5c141313af786935fd493df7a78799a2dc77ec1659050d0d5bd21f5f1,2024-07-03T02:04:36.657000
 CVE-2024-37679,0,0,89d4b481b4eeda09e3de57b5ce5fac803deedba18cfe07a1aafdd3872dcfad15,2024-07-03T02:04:37.457000
-CVE-2024-3768,0,0,f04925873dd1c70b5e5e9919c978a6f4ad79aae9b1a95acd99a4b7e487e3dbf5,2024-05-17T02:40:07.203000
+CVE-2024-3768,0,1,d5ff2a05d14354be14cd5fd5e8a000f35406d8c28f3d36a50929ee183340c26f,2024-07-28T08:15:01.760000
 CVE-2024-37680,0,0,251f8a25b0a9450d71379f12a2d545c394553c2edc47dd2498070a81216f31b0,2024-07-03T02:04:38.277000
 CVE-2024-37681,0,0,50c17c13eb6020a45cca0ec4c8bbeb71579ac7d2bcb6d4f24737f1abc179ccb9,2024-06-25T12:24:17.873000
 CVE-2024-3769,0,0,2784cad665d7ef60d8d7cccd7ae3d6fd92b2c63c26e72dea02fd9f98262ae0e9,2024-05-17T02:40:07.297000
@@ -256050,8 +256050,8 @@ CVE-2024-42050,0,0,069bcb94d92b2ffde631fcb86a8bdcda67ae5d55ac205c0a6f5708f013752
 CVE-2024-42051,0,0,bad9dba334e15b5558c45e9e79f249e9028e4ce76f1807fe4771c75cc3bd1670,2024-07-28T03:15:02.033000
 CVE-2024-42052,0,0,f665ee810dccd8da592fe650248815a5f4b838dee88c8934013fa18f8cb2e219,2024-07-28T03:15:02.223000
 CVE-2024-42053,0,0,ab8ba1de76d1d6f71d8f55d55b33a0ba2f2def2faecdc7b266a468894ceca406,2024-07-28T03:15:02.400000
-CVE-2024-42054,1,1,560f9fa97eb1a231d1b4f8d6ad04e2a8721de61fa76eda2b983f48972faac937,2024-07-28T04:15:01.893000
-CVE-2024-42055,1,1,08518701f740fab2c54c86454db3aec4f5fd1f4f4a8499964f137d83c56148e9,2024-07-28T04:15:01.980000
+CVE-2024-42054,0,0,560f9fa97eb1a231d1b4f8d6ad04e2a8721de61fa76eda2b983f48972faac937,2024-07-28T04:15:01.893000
+CVE-2024-42055,0,0,08518701f740fab2c54c86454db3aec4f5fd1f4f4a8499964f137d83c56148e9,2024-07-28T04:15:01.980000
 CVE-2024-4206,0,0,094d5b07d12006961f56a1900b69d613595338528ec5cf7d408eb10d270cfa9f,2024-06-11T10:15:13.553000
 CVE-2024-4208,0,0,32e5dd37fcb796c0866341642387d4cc76a1d3ae9362eee8c22ff2c138c94874,2024-05-15T16:40:19.330000
 CVE-2024-4209,0,0,73e6ff7069000ef9b882dbeb22ec86d30ab8128c3e8205cf1b4908f467c2faa9,2024-05-14T16:11:39.510000