From 8bb6f0dcc68ce487bfb5699a6ccf602f6f8bb83d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 19 Oct 2024 20:03:17 +0000 Subject: [PATCH] Auto-Update: 2024-10-19T20:00:17.232376+00:00 --- CVE-2024/CVE-2024-101xx/CVE-2024-10153.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-101xx/CVE-2024-10154.json | 141 ++++++++++++++++++++ README.md | 11 +- _state.csv | 4 +- 4 files changed, 291 insertions(+), 6 deletions(-) create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10153.json create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10154.json diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10153.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10153.json new file mode 100644 index 00000000000..3ab0596e9f8 --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10153.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10153", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-19T18:15:02.437", + "lastModified": "2024-10-19T18:15:02.437", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280939", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280939", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.425365", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10154.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10154.json new file mode 100644 index 00000000000..d988d060e8e --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10154.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10154", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-19T19:15:04.090", + "lastModified": "2024-10-19T19:15:04.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_status_sqli.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280940", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280940", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.425385", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f33b532a644..837f0e44e47 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-19T18:00:17.347195+00:00 +2024-10-19T20:00:17.232376+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-19T17:15:10.657000+00:00 +2024-10-19T19:15:04.090000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266164 +266166 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-10142](CVE-2024/CVE-2024-101xx/CVE-2024-10142.json) (`2024-10-19T17:15:10.657`) +- [CVE-2024-10153](CVE-2024/CVE-2024-101xx/CVE-2024-10153.json) (`2024-10-19T18:15:02.437`) +- [CVE-2024-10154](CVE-2024/CVE-2024-101xx/CVE-2024-10154.json) (`2024-10-19T19:15:04.090`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 0a68cb3ec7c..67e02956bc9 100644 --- a/_state.csv +++ b/_state.csv @@ -242284,8 +242284,10 @@ CVE-2024-10139,0,0,0ed3826709bf9e931ea547c65bfab2710bfb80e53b842917d28eaf89d2532 CVE-2024-1014,0,0,8e546db835ee0e62e0f6ed5b95e90d5586231fc78746cbbfef7db3d61b3c5f3d,2024-02-02T02:05:39.277000 CVE-2024-10140,0,0,aec311209a02b8c14f754431c8bb87bae3f3320865efe32c0e3bd857d5ceadf9,2024-10-19T15:15:14.603000 CVE-2024-10141,0,0,09fa08cc46cecf31331ef8b05b7e25cdba3a32b1fba57ba9bc41b0aac71ce99c,2024-10-19T15:15:14.973000 -CVE-2024-10142,1,1,8f40432a96404db59ba7840a4b90da81e1beb2e19d77a9cec5d89b9a339af23c,2024-10-19T17:15:10.657000 +CVE-2024-10142,0,0,8f40432a96404db59ba7840a4b90da81e1beb2e19d77a9cec5d89b9a339af23c,2024-10-19T17:15:10.657000 CVE-2024-1015,0,0,5516b1d1af5a9d3814b8a6e102d3692fcdb9c463b2e2645787afdcb157946f20,2024-02-02T02:04:13.267000 +CVE-2024-10153,1,1,53cdd7b1faf79b7014d10984cde91af8d0727db65823fae8333e484880aed2b6,2024-10-19T18:15:02.437000 +CVE-2024-10154,1,1,7e7c002f56d275740fe09f07861e1d8c7c84d5a302d17ebda9002d1cc89af9eb,2024-10-19T19:15:04.090000 CVE-2024-1016,0,0,71cf76ab1a6b276906d8ecf764cf0be1d15a9c7c60543569d9e172588701616f,2024-05-17T02:35:10.520000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000