Auto-Update: 2024-10-12T23:55:17.366296+00:00

2025-05-08 11:37:26 +00:00 · 2024-10-12 23:58:18 +00:00 · 2024-10-12 23:58:18 +00:00 · 59ebb40fcc
commit 59ebb40fcc
parent 0eb73066ea
3 changed files with 143 additions and 5 deletions
--- a/CVE-2024/CVE-2024-99xx/CVE-2024-9903.json
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9903.json
@ -0,0 +1,137 @@
+{
+  "id": "CVE-2024-9903",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-10-12T23:15:11.027",
+  "lastModified": "2024-10-12T23:15:11.027",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.1,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "MULTIPLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 5.8
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 6.4,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE19-1.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.280179",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.280179",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.421685",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-12T16:00:17.161345+00:00
+2024-10-12T23:55:17.366296+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-12T14:15:02.753000+00:00
+2024-10-12T23:15:11.027000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-265441
+265442
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-49193](CVE-2024/CVE-2024-491xx/CVE-2024-49193.json) (`2024-10-12T14:15:02.753`)
+- [CVE-2024-9903](CVE-2024/CVE-2024-99xx/CVE-2024-9903.json) (`2024-10-12T23:15:11.027`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -261883,7 +261883,7 @@ CVE-2024-4916,0,0,7f9c97d60056af6520ce5e52312d7e3a0a1a6112ce8355fa197ec22854a966
 CVE-2024-4917,0,0,6cef1f1b9c67b0bba74556ced18fc262fe370a97a734fa36d53272fcc01b0da0,2024-06-04T19:20:53.527000
 CVE-2024-4918,0,0,d46f8a4fb764a0404096a5c058a93218c921ca6c4bf015a8f26430856edda636,2024-05-17T02:40:42.037000
 CVE-2024-4919,0,0,c726f606173904c8377395d864d6d1f0bfcdbe8df42cdb4cc2d61ca12557d877,2024-06-04T19:20:53.633000
-CVE-2024-49193,1,1,2851afa7c225e08bb86128aa4f7b999842e89112e2dd59d18a0e218abc776b3b,2024-10-12T14:15:02.753000
+CVE-2024-49193,0,0,2851afa7c225e08bb86128aa4f7b999842e89112e2dd59d18a0e218abc776b3b,2024-10-12T14:15:02.753000
 CVE-2024-4920,0,0,fb11a98a98fcee227749c982e12efa14a4a4b18da858cef87f2552ce91a0c62d,2024-05-17T02:40:42.227000
 CVE-2024-4921,0,0,1060b5013f8dc8547f0f33cabd337061fb69f6fcf324e5387138007cbeb6a9c1,2024-06-04T19:20:53.730000
 CVE-2024-4922,0,0,692b7adcf322621580a484f8f9b29edc18ffd7d0d7aa81554818742dd70afb00,2024-06-20T20:15:20.020000
@ -265440,3 +265440,4 @@ CVE-2024-9859,0,0,4c2e27e83d096af209ad8d4a7ba60ec60caaadb1032a58969905b29c3c0c3d
 CVE-2024-9860,0,0,9c9c6a59ce227b8b9c92f258ea8c8577b19c36b99b060db27cd4697c8991bf8d,2024-10-12T03:15:02.757000
 CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000
 CVE-2024-9894,0,0,e4e640fa9b528f08dc5c5d33be8f6b79ae250b3934762a705b5583518e0f59c7,2024-10-12T13:15:13.737000
+CVE-2024-9903,1,1,58f302b12a47dd7ead8fa1f9333271cdf28eca910f8797ea587621aaa127ff01,2024-10-12T23:15:11.027000