Auto-Update: 2024-09-28T10:00:17.565544+00:00

2025-07-11 16:13:34 +00:00 · 2024-09-28 10:03:18 +00:00 · 2024-09-28 10:03:18 +00:00 · 6716aabeb2
commit 6716aabeb2
parent 57a81d1612
4 changed files with 224 additions and 26 deletions
--- a/CVE-2024/CVE-2024-87xx/CVE-2024-8712.json
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8712.json
@ -0,0 +1,64 @@
 {
  "id": "CVE-2024-8712",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-09-28T09:15:02.167",
  "lastModified": "2024-09-28T09:15:02.167",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The GTM Server Side plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/browser/gtm-server-side/tags/2.1.19/templates/class-gtm-server-side-admin.php#L30",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3158847/gtm-server-side/tags/2.1.20/templates/class-gtm-server-side-admin.php",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/28f77d5a-fc17-4e17-85b9-4e6f66dbf2c7?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-92xx/CVE-2024-9296.json
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9296.json
@ -0,0 +1,141 @@
 {
  "id": "CVE-2024-9296",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-09-28T09:15:02.600",
  "lastModified": "2024-09-28T09:15:02.600",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in SourceCodester Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /control/forgot_pass.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "LOW",
          "vulnerableSystemIntegrity": "LOW",
          "vulnerableSystemAvailability": "LOW",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 6.9,
          "baseSeverity": "MEDIUM"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/para-paradise/webray.com.cn/blob/main/Advocate%20office%20management%20system/Advocate%20office%20management%20system%20forgot_pass.php%20time-based%20SQL%20Injection%20Vulnerability.md",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?ctiid.278790",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?id.278790",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?submit.412461",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://www.sourcecodester.com/",
      "source": "cna@vuldb.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-09-28T08:00:16.756926+00:00
+2024-09-28T10:00:17.565544+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-09-28T07:15:04.123000+00:00
+2024-09-28T09:15:02.600000+00:00
 ```
 ### Last Data Feed Release
@ -33,24 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-264088
+264090
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `11`
+Recently added CVEs: `2`
- [CVE-2024-23923](CVE-2024/CVE-2024-239xx/CVE-2024-23923.json) (`2024-09-28T07:15:02.440`)
+- [CVE-2024-8712](CVE-2024/CVE-2024-87xx/CVE-2024-8712.json) (`2024-09-28T09:15:02.167`)
- [CVE-2024-23924](CVE-2024/CVE-2024-239xx/CVE-2024-23924.json) (`2024-09-28T07:15:02.790`)
+- [CVE-2024-9296](CVE-2024/CVE-2024-92xx/CVE-2024-9296.json) (`2024-09-28T09:15:02.600`)
 - [CVE-2024-23935](CVE-2024/CVE-2024-239xx/CVE-2024-23935.json) (`2024-09-28T07:15:02.997`)
 - [CVE-2024-23938](CVE-2024/CVE-2024-239xx/CVE-2024-23938.json) (`2024-09-28T06:15:02.200`)
 - [CVE-2024-23957](CVE-2024/CVE-2024-239xx/CVE-2024-23957.json) (`2024-09-28T06:15:02.787`)
 - [CVE-2024-23958](CVE-2024/CVE-2024-239xx/CVE-2024-23958.json) (`2024-09-28T07:15:03.183`)
 - [CVE-2024-23959](CVE-2024/CVE-2024-239xx/CVE-2024-23959.json) (`2024-09-28T07:15:03.367`)
 - [CVE-2024-23960](CVE-2024/CVE-2024-239xx/CVE-2024-23960.json) (`2024-09-28T07:15:03.550`)
 - [CVE-2024-23961](CVE-2024/CVE-2024-239xx/CVE-2024-23961.json) (`2024-09-28T07:15:03.740`)
 - [CVE-2024-23967](CVE-2024/CVE-2024-239xx/CVE-2024-23967.json) (`2024-09-28T07:15:03.937`)
 - [CVE-2024-9295](CVE-2024/CVE-2024-92xx/CVE-2024-9295.json) (`2024-09-28T07:15:04.123`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -245866,13 +245866,13 @@ CVE-2024-23916,0,0,5077cd24018e805b075cf41f1ccac823739f63acd7350dd61dccd4ccae773
 CVE-2024-23917,0,0,f3236f3886ac3a298029762564187aed866f84d01e9365abb654a21b0d966829,2024-02-09T01:05:22.180000
 CVE-2024-2392,0,0,a1f238224b889878ea8101bb03eb85f7363cbe3f032b78dbb59584257d093c6d,2024-03-22T12:45:36.130000
 CVE-2024-23922,0,0,288cd2c46a3e75a5e0ef35cc35e0f6530d4d6b67a2eb2b42fa02b67f3d5649f8,2024-09-26T13:32:55.343000
-CVE-2024-23923,1,1,018ef5fcdc300723cc2e14dae15017b4a930053d99c9fd577ac55b06f0be1909,2024-09-28T07:15:02.440000
+CVE-2024-23923,0,0,018ef5fcdc300723cc2e14dae15017b4a930053d99c9fd577ac55b06f0be1909,2024-09-28T07:15:02.440000
-CVE-2024-23924,1,1,fb697cc01f0647d1e21deb85e2308042905d41cb886de08cb4a4c797a6686033,2024-09-28T07:15:02.790000
+CVE-2024-23924,0,0,fb697cc01f0647d1e21deb85e2308042905d41cb886de08cb4a4c797a6686033,2024-09-28T07:15:02.790000
 CVE-2024-2393,0,0,df74eedb2cf97a7cc02bf0873514b7acec290c6b3a77795cc7def5200bf6c3d3,2024-05-17T02:38:12.530000
 CVE-2024-23933,0,0,01d625badee588d8b28d0d0fbf55d2f47d0b150143df0e8338ce37487a8f0580,2024-09-26T13:32:55.343000
 CVE-2024-23934,0,0,61cba64dd7d447d31e2c1c1cee321294df02a41fb555e62b1a346e8bb423690c,2024-09-26T13:32:55.343000
-CVE-2024-23935,1,1,9cfbd19dce3c7f3d17422ef8161abd59a134553512dbcc0c875da949d881f04b,2024-09-28T07:15:02.997000
+CVE-2024-23935,0,0,9cfbd19dce3c7f3d17422ef8161abd59a134553512dbcc0c875da949d881f04b,2024-09-28T07:15:02.997000
-CVE-2024-23938,1,1,d8c7a959dc5a0629d9048ef2f2c4ba4766c3b1bb0c0a6e0dacc9099fa012bc21,2024-09-28T06:15:02.200000
+CVE-2024-23938,0,0,d8c7a959dc5a0629d9048ef2f2c4ba4766c3b1bb0c0a6e0dacc9099fa012bc21,2024-09-28T06:15:02.200000
 CVE-2024-2394,0,0,601af7bb68f57fdb63dc28b1a3be4e92facb0bb452d0b42ad5d6937b933c3deb,2024-05-17T02:38:12.620000
 CVE-2024-23940,0,0,1c0bdede0fd3b02e7f9ad21f2aa27ec6ae45825d094730a07bddf507f926c4e8,2024-02-06T19:19:33.920000
 CVE-2024-23941,0,0,9709bab66e0af4d3dc69e9a86a5316f0273a5a15f2aac5ab4098dcbc1f12f8f7,2024-02-06T21:37:12.433000
@ -245885,12 +245885,12 @@ CVE-2024-2395,0,0,37ecce73517ecefe68574d74e2265f3d2a49c15c536980e217743e28f1db87
 CVE-2024-23950,0,0,25847234553a7a7aa3af838a477d7b6f4a5c35ccd2e774f811d68e8ce720445a,2024-06-10T17:16:19.833000
 CVE-2024-23951,0,0,14a64f857e19fa20b9d905d154185c191d80e1c0b6ed53dd9050b70f076dc813,2024-06-10T17:16:19.930000
 CVE-2024-23952,0,0,34c7e2d5919ffb2785317596bbeb44591446a81e60ca69df2cdc3c3c37179a86,2024-02-14T14:16:07.460000
-CVE-2024-23957,1,1,37a91ce79040106532d239390ae444b6332819b7e9f72cf65c63091df80b24de,2024-09-28T06:15:02.787000
+CVE-2024-23957,0,0,37a91ce79040106532d239390ae444b6332819b7e9f72cf65c63091df80b24de,2024-09-28T06:15:02.787000
-CVE-2024-23958,1,1,cae83859b27785e2bbae1d2b2ec6953f20791a55cf2974554a466cdfbb519ee7,2024-09-28T07:15:03.183000
+CVE-2024-23958,0,0,cae83859b27785e2bbae1d2b2ec6953f20791a55cf2974554a466cdfbb519ee7,2024-09-28T07:15:03.183000
-CVE-2024-23959,1,1,c8308e13450d2238caf0d7b06734770079188f9a2ef38eb64ae23ee6e678a522,2024-09-28T07:15:03.367000
+CVE-2024-23959,0,0,c8308e13450d2238caf0d7b06734770079188f9a2ef38eb64ae23ee6e678a522,2024-09-28T07:15:03.367000
-CVE-2024-23960,1,1,fda5fbb384c44cfd892f3a255575c7cf6ce4c2641fb844129ac1686dd7735a55,2024-09-28T07:15:03.550000
+CVE-2024-23960,0,0,fda5fbb384c44cfd892f3a255575c7cf6ce4c2641fb844129ac1686dd7735a55,2024-09-28T07:15:03.550000
-CVE-2024-23961,1,1,774760d9234af4b9b92feb77a30beda5760511ad18696f76b2ebaa44aee95b0e,2024-09-28T07:15:03.740000
+CVE-2024-23961,0,0,774760d9234af4b9b92feb77a30beda5760511ad18696f76b2ebaa44aee95b0e,2024-09-28T07:15:03.740000
-CVE-2024-23967,1,1,2bcd51c846821f9a9259d670019f976da6ff4d771498869c33d238e656bb6765,2024-09-28T07:15:03.937000
+CVE-2024-23967,0,0,2bcd51c846821f9a9259d670019f976da6ff4d771498869c33d238e656bb6765,2024-09-28T07:15:03.937000
 CVE-2024-2397,0,0,00747e677ac07569e47a4b44c68849d40056dfcd1ae374307286b3eb2379c47d,2024-06-10T17:16:25.180000
 CVE-2024-23972,0,0,828a337376a97e45b1a3d6fb92449e5bfc2bd8dd2b86628021713c0c44f1d02e,2024-09-26T13:32:55.343000
 CVE-2024-23974,0,0,c245074da43acd228fb7b61c7f93435155d38dc53924647c7bf42e3ed476242f,2024-08-14T17:49:14.177000
@ -263885,6 +263885,7 @@ CVE-2024-8708,0,0,661e441f732f7c590146c851caa19d4b9d733a437db35f14f249fe50618d2c
 CVE-2024-8709,0,0,c4b78e9440da9a95da6880cb2eb594efc3dc26da0951b28cab597493ad1bb06a,2024-09-13T16:27:21.273000
 CVE-2024-8710,0,0,4c5169ef585cdb335030b939d5748b4dbbc0a0ee6166dc565231ca1259e5b90c,2024-09-13T16:25:47.510000
 CVE-2024-8711,0,0,0a0fc486d277b8c36cfb49b6365925dae98dcfc88dd0e7309623a05e1f41ecb4,2024-09-13T16:18:15.670000
 CVE-2024-8712,1,1,50c8b955b867e54c67f097c66622da6de593bdb6b5d7888352e6bc40f5c29004,2024-09-28T09:15:02.167000
 CVE-2024-8713,0,0,77e6eb32497c4838ab6eff0729860dc19e9280431833bec790cbdd0c191045a7,2024-09-26T13:32:02.803000
 CVE-2024-8714,0,0,2bf1d2039d26904f97b1e8fc522abe5916905f0e0d26ed18e01afb2d802fce13,2024-09-26T20:06:46.330000
 CVE-2024-8715,0,0,5dd80a9e377e26833109e36a9f853397f40930511fcbb10d79b8fb2a0b5afb14,2024-09-28T03:15:02.330000
@ -264085,5 +264086,6 @@ CVE-2024-9284,0,0,a3f6be1f322902c2dd706322ffd372bfbe9b47cbadedd7cc30aad50104d2b0
 CVE-2024-9291,0,0,cb57967e7b1c1e3b6bbd39bdcccb61b556906a24da36a7110dece4902c704d59,2024-09-27T21:15:03.667000
 CVE-2024-9293,0,0,58d1b3c8bf6371fb336102f333c7989d6dbbcc39b37756484826d43b383204c0,2024-09-27T21:15:03.937000
 CVE-2024-9294,0,0,ecc4d06c597aa37fc99c049d1c5765db52fd8734fa53dc2d290464be84fc4820,2024-09-27T22:15:13.363000
-CVE-2024-9295,1,1,2059e80eecdba7e0e8296ba30a6d99f30eadea57334392b722bd6631f9d60107,2024-09-28T07:15:04.123000
+CVE-2024-9295,0,0,2059e80eecdba7e0e8296ba30a6d99f30eadea57334392b722bd6631f9d60107,2024-09-28T07:15:04.123000
 CVE-2024-9296,1,1,dded0f6e9e44e64bc57cf92e6d2ef3c1cf85d250453ac5cec64d525a4c889bac,2024-09-28T09:15:02.600000
 CVE-2024-9301,0,0,f7d62ae99cd0d6877c5db63fcb4f2c0f8f043fbb8339f25415912b7f29acecf1,2024-09-27T18:15:06.163000