diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0230.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0230.json new file mode 100644 index 00000000000..c889cfbfd28 --- /dev/null +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0230.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0230", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T21:15:06.267", + "lastModified": "2025-01-05T21:15:06.267", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file /admin/print.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Huandtx/cve/blob/main/cve/Responsive%20Hotel%20Site/sql1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290226", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290226", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.474581", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0231.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0231.json new file mode 100644 index 00000000000..3ce05571919 --- /dev/null +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0231.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0231", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T22:15:05.540", + "lastModified": "2025-01-05T22:15:05.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payments.php. The manipulation of the argument m_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/gh464646/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290227", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290227", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.474596", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2025/CVE-2025-02xx/CVE-2025-0232.json b/CVE-2025/CVE-2025-02xx/CVE-2025-0232.json new file mode 100644 index 00000000000..fce2bcb74cc --- /dev/null +++ b/CVE-2025/CVE-2025-02xx/CVE-2025-0232.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0232", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T22:15:05.767", + "lastModified": "2025-01-05T22:15:05.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /successadmin.php. The manipulation of the argument psw leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/alc9700jmo/CVE/issues/7", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290228", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290228", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.474597", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 67a5914a1bd..e5b498f142a 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-05T21:00:19.245423+00:00 +2025-01-05T23:00:20.106462+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-05T20:15:05.383000+00:00 +2025-01-05T22:15:05.767000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275740 +275743 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2025-0228](CVE-2025/CVE-2025-02xx/CVE-2025-0228.json) (`2025-01-05T19:15:06.320`) -- [CVE-2025-0229](CVE-2025/CVE-2025-02xx/CVE-2025-0229.json) (`2025-01-05T20:15:05.383`) +- [CVE-2025-0230](CVE-2025/CVE-2025-02xx/CVE-2025-0230.json) (`2025-01-05T21:15:06.267`) +- [CVE-2025-0231](CVE-2025/CVE-2025-02xx/CVE-2025-0231.json) (`2025-01-05T22:15:05.540`) +- [CVE-2025-0232](CVE-2025/CVE-2025-02xx/CVE-2025-0232.json) (`2025-01-05T22:15:05.767`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index b0d3a8f2753..8aaa54669fb 100644 --- a/_state.csv +++ b/_state.csv @@ -275724,8 +275724,11 @@ CVE-2025-0224,0,0,28e5c7c6ae9f92e276e429054d47bb104d4a84ab655c0a2b5b9cf770216c9a CVE-2025-0225,0,0,05f3e95e5a5216de1729c29aa623cb834288b97c999cdcab41fa05b2facf403c,2025-01-05T17:15:06.620000 CVE-2025-0226,0,0,c107f3a1190ffff7a5bb943eb632d954a11de62889d175189cba857eeb732cc9,2025-01-05T18:15:05.573000 CVE-2025-0227,0,0,b7e75591f803956c9c2fede15969a7aa7d454dc47e8d770ec080124efffe3817,2025-01-05T18:15:06.570000 -CVE-2025-0228,1,1,5cce80d84a8eb33f28f78570fb958c340ef8d25e9383674444c637cddefdf408,2025-01-05T19:15:06.320000 -CVE-2025-0229,1,1,733cbb695588f6a25d8cc517b82298be2972e628f3d2d85a6ad5987d6d498cef,2025-01-05T20:15:05.383000 +CVE-2025-0228,0,0,5cce80d84a8eb33f28f78570fb958c340ef8d25e9383674444c637cddefdf408,2025-01-05T19:15:06.320000 +CVE-2025-0229,0,0,733cbb695588f6a25d8cc517b82298be2972e628f3d2d85a6ad5987d6d498cef,2025-01-05T20:15:05.383000 +CVE-2025-0230,1,1,da56c380fbd78e0c1f33c2e3a59c91c27f8ad01a46dc235a12db28093892eebe,2025-01-05T21:15:06.267000 +CVE-2025-0231,1,1,73ba5b334ad5db7bd7f18e0277fa8cbe48a99916bc557dd1170e5fb52d78d868,2025-01-05T22:15:05.540000 +CVE-2025-0232,1,1,bbb1f8dd03cca1cfde501a9cda5da15f541da213c05bfee0e291ed634d921d4c,2025-01-05T22:15:05.767000 CVE-2025-21609,0,0,46e3af17bfffe98fbaec33d01272d23877fbd06c6cc0e4a79625fd3beabb7e1e,2025-01-03T17:15:09.147000 CVE-2025-21610,0,0,803b1c12bbaab2c87bcfc5865cced8b68fa26746eb8c056e6bba01e1200224ac,2025-01-03T17:15:09.290000 CVE-2025-22214,0,0,9f9cbba758088c6fe54f3b7aba457fa8b68f7e0bf397744585451dc526c7cea3,2025-01-02T04:15:06.277000