admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-09T10:00:24.593189+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-09 10:00:28 +00:00
parent cb900eb50b
commit 4dbafcf0db
3 changed files with 182 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2023/CVE-2023-48xx/CVE-2023-4846.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4846",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-09T08:15:07.430",
"lastModified": "2023-09-09T08:15:07.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/Swpan2018/Vulhub/blob/main/Simple-Membership-System%20delete_member.php%20has%20Sqlinjection.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.239255",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.239255",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2023/CVE-2023-48xx/CVE-2023-4847.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2023-4847",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-09T08:15:07.550",
"lastModified": "2023-09-09T08:15:07.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.239256",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.239256",
"source": "cna@vuldb.com"
}
]
}

11
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-09T08:00:24.830392+00:00
2023-09-09T10:00:24.593189+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-09T07:15:50.457000+00:00
2023-09-09T08:15:07.550000+00:00
```
### Last Data Feed Release
@ -29,14 +29,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224543
224545
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `2`
* [CVE-2023-4845](CVE-2023/CVE-2023-48xx/CVE-2023-4845.json) (`2023-09-09T07:15:50.457`)
* [CVE-2023-4846](CVE-2023/CVE-2023-48xx/CVE-2023-4846.json) (`2023-09-09T08:15:07.430`)
* [CVE-2023-4847](CVE-2023/CVE-2023-48xx/CVE-2023-4847.json) (`2023-09-09T08:15:07.550`)
### CVEs modified in the last Commit