Auto-Update: 2025-01-11T13:00:20.357816+00:00

2025-05-07 19:16:29 +00:00 · 2025-01-11 13:03:44 +00:00 · 2025-01-11 13:03:44 +00:00 · 32c31ab42b
commit 32c31ab42b
parent ce3423aeef
3 changed files with 143 additions and 5 deletions
--- a/CVE-2025/CVE-2025-03xx/CVE-2025-0392.json
+++ b/CVE-2025/CVE-2025-03xx/CVE-2025-0392.json
@ -0,0 +1,137 @@
+{
+  "id": "CVE-2025-0392",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-01-11T11:15:06.657",
+  "lastModified": "2025-01-11T11:15:06.657",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IBFK93",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.291126",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.291126",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-11T11:00:19.467401+00:00
+2025-01-11T13:00:20.357816+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-11T09:15:05.937000+00:00
+2025-01-11T11:15:06.657000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-276723
+276724
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2025-0391](CVE-2025/CVE-2025-03xx/CVE-2025-0391.json) (`2025-01-11T09:15:05.937`)
+- [CVE-2025-0392](CVE-2025/CVE-2025-03xx/CVE-2025-0392.json) (`2025-01-11T11:15:06.657`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -276481,7 +276481,8 @@ CVE-2025-0347,0,0,6deecfeab5129f64e2a00007dc87253c44d21860263f71f54e4dc7b1cdd350
 CVE-2025-0348,0,0,331eb1ff4b382b4fa4cded2d4eff33d4e1224a2775f1380fa27191f50e86e003,2025-01-09T10:15:07.700000
 CVE-2025-0349,0,0,113bd719c64af64e563d3b7f6bc64a9c5a1e1f5ad7d7591de270b2e445c8d15a,2025-01-09T11:15:16.547000
 CVE-2025-0390,0,0,e8680a8850f5f93c327358a0bafb5800686853499fcfad6c845505a58dd62509,2025-01-11T08:15:26.527000
-CVE-2025-0391,1,1,92a57f196719fdf887816695b3a83526079e0969236a36b3dfc45b775c9f93d0,2025-01-11T09:15:05.937000
+CVE-2025-0391,0,0,92a57f196719fdf887816695b3a83526079e0969236a36b3dfc45b775c9f93d0,2025-01-11T09:15:05.937000
+CVE-2025-0392,1,1,aa9606366d99278451746d2e901d7f278b325bf8d4482ec56713b1565fb0cf2e,2025-01-11T11:15:06.657000
 CVE-2025-20033,0,0,6018e09e60bc36da724018ac20bc63bc1922bb37746fdb9e10624cea7c137ebf,2025-01-09T07:15:28.450000
 CVE-2025-20123,0,0,7f3b728d3f9cbfa875df0a45e50a08c953f805f15b1141475f4e31dfbed0e1d1,2025-01-08T16:15:38.150000
 CVE-2025-20126,0,0,1585188395ef0aa5a894bbea6d526bdf238d58865dbcb187ac89434fb8c590b9,2025-01-08T19:15:38.553000