From 3bd7e4cd2353bf4735b9782f02aa91d420af2807 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 2 Nov 2024 17:03:20 +0000 Subject: [PATCH] Auto-Update: 2024-11-02T17:00:20.182275+00:00 --- CVE-2024/CVE-2024-106xx/CVE-2024-10699.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-107xx/CVE-2024-10700.json | 141 ++++++++++++++++++++ README.md | 11 +- _state.csv | 4 +- 4 files changed, 291 insertions(+), 6 deletions(-) create mode 100644 CVE-2024/CVE-2024-106xx/CVE-2024-10699.json create mode 100644 CVE-2024/CVE-2024-107xx/CVE-2024-10700.json diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10699.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10699.json new file mode 100644 index 00000000000..114c085a130 --- /dev/null +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10699.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10699", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-02T15:15:16.313", + "lastModified": "2024-11-02T15:15:16.313", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/lan041221/cve/blob/main/sql9.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.282867", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.282867", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.435048", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10700.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10700.json new file mode 100644 index 00000000000..2cf9a4a50f0 --- /dev/null +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10700.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10700", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-02T16:15:03.243", + "lastModified": "2024-11-02T16:15:03.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"name\" to be affected. But it must be assumed that a variety of other parameters is affected too." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/aa1928992772/CVE/blob/main/sqlInjection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.282868", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.282868", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.435051", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 5842b16dbf0..c2f4fd07caf 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-02T15:00:19.457758+00:00 +2024-11-02T17:00:20.182275+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-02T14:15:12.980000+00:00 +2024-11-02T16:15:03.243000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -268016 +268018 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-10698](CVE-2024/CVE-2024-106xx/CVE-2024-10698.json) (`2024-11-02T14:15:12.980`) +- [CVE-2024-10699](CVE-2024/CVE-2024-106xx/CVE-2024-10699.json) (`2024-11-02T15:15:16.313`) +- [CVE-2024-10700](CVE-2024/CVE-2024-107xx/CVE-2024-10700.json) (`2024-11-02T16:15:03.243`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index bedcf391408..7f94fc04e17 100644 --- a/_state.csv +++ b/_state.csv @@ -242718,8 +242718,10 @@ CVE-2024-1067,0,0,54f094f38a51fcd0954e79c36caca8c799a450eda4559137980b77dd6d9caf CVE-2024-1068,0,0,affccf40ed47a318eb2ecd8e307c56fa640a43f94e3b3e8b50a778ab4a9c998f,2024-08-26T19:35:04.287000 CVE-2024-1069,0,0,9f4b19e535b82e8b50b814b402985dc45959fb8eebaa25a120ba3f787349c9c3,2024-02-06T20:11:52.587000 CVE-2024-10697,0,0,b6a5fbdd54ff78ca8f29be9d904245700764dda2892e20d8100f91a87604ea47,2024-11-02T12:15:15.780000 -CVE-2024-10698,1,1,8281674c5312d1eac605117cac32e949ec8e479274dd1749bb2715d742010d6d,2024-11-02T14:15:12.980000 +CVE-2024-10698,0,0,8281674c5312d1eac605117cac32e949ec8e479274dd1749bb2715d742010d6d,2024-11-02T14:15:12.980000 +CVE-2024-10699,1,1,ef67a20c3335f29b114cad7b0aedb794f1b00f327f73345873f5e40c4d641fcb,2024-11-02T15:15:16.313000 CVE-2024-1070,0,0,945eeccf4f5ba232f5b58cbe0a0fb277520149997c332f988c0ef3d652aa0c5c,2024-02-29T13:49:29.390000 +CVE-2024-10700,1,1,b17b93e7f82967a1cd70f297abdf013df9d7712afeb0e21e10309930c9dd8b06,2024-11-02T16:15:03.243000 CVE-2024-1071,0,0,203dd69d50b387b330a57560d4e66e827311506680b4f1e4c4b62b6aa394169c,2024-03-13T18:16:18.563000 CVE-2024-1072,0,0,d1340477909607c729b87fb4231ec3eb5b83c947dd2f9537edfb72049dfc44f6,2024-02-13T19:44:28.620000 CVE-2024-1073,0,0,39b7dc528198b2afbafa91161478b052efb2c858a3c417cf6368bfe809460c5d,2024-02-07T20:56:30.313000