Auto-Update: 2023-12-20T05:00:25.140357+00:00

cad-safe-bot 2023-12-20 05:00:28 +00:00
parent 017f08c687
commit 9df021e866
31 changed files with 1594 additions and 162 deletions


@ -2,8 +2,8 @@
"id": "CVE-2016-15032",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-06-02T00:15:09.443",
"lastModified": "2023-11-07T02:29:49.657",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-20T03:05:04.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{


@ -2,8 +2,8 @@
"id": "CVE-2022-30122",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-12-05T22:15:10.227",
"lastModified": "2023-12-08T22:15:07.127",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2023-12-20T03:02:05.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -91,6 +91,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
}
]
}
]
}
],
"references": [
@ -103,15 +118,24 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-18",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231208-0012/",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5530",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-24380",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T10:15:07.430",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:21:06.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Webbjocke Simple Wp Sitemap.This issue affects Simple Wp Sitemap: from n/a through 1.2.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Webbjocke Simple Wp Sitemap. Este problema afecta a Simple Wp Sitemap: desde n/a hasta 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webbjocke:simple_wp_sitemap:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.1",
"matchCriteriaId": "CE073076-F866-4279-BE9C-340ADC0D528E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-wp-sitemap/wordpress-simple-wp-sitemap-plugin-1-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-46617",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T17:15:09.823",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:16:54.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en AdFoxly AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.Txt. Este problema afecta a AdFoxly \u2013 Ad Manager, AdSense Ads & Ads.Txt: desde n/a hasta 1.8.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpfoxly:adfoxly:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.8.5",
"matchCriteriaId": "5BDB2218-1B07-4D6D-9848-BAB4F2271BF5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/adfoxly/wordpress-adfoxly-ad-manager-adsense-ads-ads-txt-plugin-1-8-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-48762",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T17:15:10.033",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:17:13.577",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.This issue affects JetElements For Elementor: from n/a through 2.6.13.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Crocoblock JetElements para Elementor. Este problema afecta a JetElements para Elementor: desde n/a hasta 2.6.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:crocoblock:jetelements_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.13.1",
"matchCriteriaId": "854CB40E-1FC0-45B0-B4BF-DA47BB787AF5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/jet-elements/wordpress-jetelements-for-elementor-plugin-2-6-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-48766",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T17:15:10.583",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:18:59.910",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator \u2013 Add Animated SVG Easily.This issue affects SVGator \u2013 Add Animated SVG Easily: from n/a through 1.2.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SVGatorSVGator \u2013 Add Animated SVG Easily. Este problema afecta a SVGator \u2013 Add Animated SVG Easily: desde n/a hasta 1.2.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svgator:svgator:*:*:*:*:*:*:wordpress:*",
"versionEndIncluding": "1.2.4",
"matchCriteriaId": "1DABE214-D1A6-40B2-8634-3DFB0AC1655E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/svgator/wordpress-svgator-add-animated-svg-easily-plugin-1-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
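Review bot: The added `criteria` value in the `configurations` block puts `wordpress` in the target_hw position instead of target_sw: `cpe:2.3:a:svgator:svgator:*:*:*:*:*:*:wordpress:*` has six wildcards between the product and `wordpress`, while the other plugin records visible in this commit use five. Tooling that selects WordPress plugin records by target_sw will not match this entry, so the CVE can drop out of plugin-scoped vulnerability reports. The intended value is presumably `cpe:2.3:a:svgator:svgator:*:*:*:*:*:wordpress:*:*`. Since this file mirrors upstream data, the correction belongs upstream, and consumers are safer matching on vendor and product for this record until then.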


@ -2,16 +2,40 @@
"id": "CVE-2023-49751",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T10:15:07.667",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:20:54.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu Block for Font Awesome.This issue affects Block for Font Awesome: from n/a through 1.4.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ciprian Popescu Block for Font Awesome. Este problema afecta a Block for Font Awesome: desde n/a hasta 1.4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getbutterfly:block_for_font_awesome:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.0",
"matchCriteriaId": "65C1B7A9-5089-4FC9-AD3C-ABDB746A2CD2"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/block-for-font-awesome/wordpress-block-for-font-awesome-plugin-1-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
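Review bot: The affected range and the advisory link disagree in this record: the added `cpeMatch` entry sets `"versionEndIncluding": "1.4.0"` and the description says "through 1.4.0", but the reference URL slug names `plugin-1-3-3`. The slug may simply be left over from the advisory's first publication, but nothing on this page settles which bound is right. Anyone using this record to decide whether an installed version is affected should confirm the upper bound against the linked advisory rather than rely on the CPE range alone.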


@ -2,16 +2,40 @@
"id": "CVE-2023-49769",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T10:15:07.880",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:19:35.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in SoftLab Integrate Google Drive.This issue affects Integrate Google Drive: from n/a through 1.3.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en SoftLab Integrate Google Drive. Este problema afecta a Integrate Google Drive: desde n/a hasta 1.3.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:softlabbd:integrate_google_drive:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.5",
"matchCriteriaId": "EFE24392-7F39-4194-98EE-085AB1C42732"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/integrate-google-drive/wordpress-integrate-google-drive-plugin-1-3-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49775",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T10:15:08.070",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:19:10.643",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Denis Kobozev CSV Importer.This issue affects CSV Importer: from n/a through 0.3.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Denis Kobozev CSV Importer. Este problema afecta a CSV Importer: desde n/a hasta 0.3.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpcore:csv_importer:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.3.8",
"matchCriteriaId": "56AF7098-1751-4849-8F86-29FF2EF3E3FE"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/csv-importer/wordpress-csv-importer-plugin-0-3-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49816",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T11:15:07.210",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:09:04.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Innovative Solutions Fix My Feed RSS Repair.This issue affects Fix My Feed RSS Repair: from n/a through 1.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Innovative Solutions Fix My Feed RSS Repair. Este problema afecta a Fix My Feed RSS Repair: desde n/a hasta 1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:whereyoursolutionis:fix_my_feed_rss_repair:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4",
"matchCriteriaId": "253E639A-A944-4D95-A142-3F830D940740"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fix-my-feed-rss-repair/wordpress-fix-my-feed-rss-repair-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49824",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T11:15:07.910",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:21:23.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite Product Catalog Feed by PixelYourSite.This issue affects Product Catalog Feed by PixelYourSite: from n/a through 2.1.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en PixelYourSite Product Catalog Feed by PixelYourSite. Este problema afecta a Product Catalog Feed by PixelYourSite: desde n/a hasta 2.1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pixelyoursite:product_catalog_feed:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.0",
"matchCriteriaId": "C895D2D4-7B6D-411B-A167-278590395AEC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/product-catalog-feed/wordpress-product-catalog-feed-by-pixelyoursite-plugin-2-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-17T11:15:08.133",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:26:25.007",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in realmag777 FOX \u2013 Currency Switcher Professional for WooCommerce.This issue affects FOX \u2013 Currency Switcher Professional for WooCommerce: from n/a through 1.4.1.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en realmag777 FOX \u2013 Currency Switcher Professional para WooCommerce. Este problema afecta a FOX \u2013 Currency Switcher Professional para WooCommerce: desde n/a hasta 1.4.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:fox_-_currency_switcher_professional_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.1.5",
"matchCriteriaId": "6E1922D5-3783-45BB-B544-06B82B914BEC"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-currency-switcher/wordpress-fox-currency-switcher-professional-for-woocommerce-plugin-1-4-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49840",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.130",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:28:39.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce.This issue affects Multi Currency For WooCommerce: from n/a through 1.5.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Palscode Multi Currency para WooCommerce. Este problema afecta a Multi Currency para WooCommerce: desde n/a hasta 1.5.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palscode:multi_currency_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.5",
"matchCriteriaId": "3D43F173-FADF-459A-8531-7EFE7AF4D74A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wc-multi-currency/wordpress-multi-currency-for-woocommerce-plugin-1-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49843",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.330",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:28:26.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce.This issue affects First Order Discount Woocommerce: from n/a through 1.21.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en QuanticEdge First Order Discount Woocommerce. Este problema afecta a First Order Discount Woocommerce: desde n/a hasta 1.21."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:quanticedge:first_order_discount_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.21",
"matchCriteriaId": "9C8CB7F1-CF47-45F4-B96C-EF5DF7186552"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/first-order-discount-woocommerce/wordpress-first-order-discount-woocommerce-plugin-1-21-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49844",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.510",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:28:10.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester.This issue affects WPPerformanceTester: from n/a through 2.0.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Kevin Ohashi WPPerformanceTester. Este problema afecta a WPPerformanceTester: desde n/a hasta 2.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reviewsignal:wpperformancetester:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "83D1D93A-424F-45AE-88C3-6AF451A3041A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wpperformancetester/wordpress-wpperformancetester-plugin-2-0-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49853",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T15:15:09.707",
"lastModified": "2023-12-18T17:24:19.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:27:45.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in PayTR \u00d6deme ve Elektronik Para Kurulu?u A.?. PayTR Taksit Tablosu \u2013 WooCommerce.This issue affects PayTR Taksit Tablosu \u2013 WooCommerce: from n/a through 1.3.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en PayTR \u00d6deme ve Elektronik Para Kurulu?u A.?. PayTR Taksit Tablosu \u2013 WooCommerce. Este problema afecta a PayTR Taksit Tablosu \u2013 WooCommerce: desde n/a hasta 1.3.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paytr:paytr_taksit_tablosu_-_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "9F68A781-5305-4C48-A6E9-1C47CFCA3BE7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/paytr-taksit-tablosu-woocommerce/wordpress-paytr-taksit-tablosu-woocommerce-plugin-1-3-1-broken-authentication-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
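Review bot: Both description values, including the newly added `es` entry, contain `Kurulu?u A.?.`, where non-ASCII letters of the vendor name have been replaced by a literal `?`. The vendor string is therefore lossy and will not match a correctly encoded name in search, deduplication or asset correlation. Separately, the reference URL slug ends in `broken-authentication-vulnerability` while the description classifies the issue as CSRF. The weakness entries fall outside the visible hunks, so the recorded CWE cannot be checked from here. Both look like upstream data issues; consumers should key on the CVE id and CPE rather than the free-text vendor name, and confirm the weakness class against the linked advisory.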


@ -2,16 +2,40 @@
"id": "CVE-2023-49854",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T11:15:13.497",
"lastModified": "2023-12-18T14:05:17.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:29:09.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy \u2013 Smart Side Cart for WooCommerce.This issue affects Caddy \u2013 Smart Side Cart for WooCommerce: from n/a through 1.9.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery(CSRF) en Tribe Interactive Caddy \u2013 Smart Side Cart para WooCommerce. Este problema afecta a Caddy \u2013 Smart Side Cart para WooCommerce: desde n/a hasta 1.9.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:madebytribe:caddy:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.8",
"matchCriteriaId": "62EB9E1E-C0C9-4CCC-A4F9-29A1270E03C8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/caddy/wordpress-caddy-plugin-1-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-49855",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T11:15:13.703",
"lastModified": "2023-12-18T14:05:17.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:29:01.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter. Este problema afecta a Menu Bar Cart Icon For WooCommerce By Binary Carpenter: desde n/a hasta 1.49.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:binarycarpenter:menu_bar_cart_icon_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.49.3",
"matchCriteriaId": "F918B8E1-D338-49F4-92CE-DB166A9CD3C3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/bc-menu-cart-woo/wordpress-bc-menu-bar-cart-icon-for-woocommerce-by-binary-carpenter-plugin-1-49-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50372",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-18T11:15:14.103",
"lastModified": "2023-12-18T14:05:17.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:28:48.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template.This issue affects Custom Post Type Page Template: from n/a through 1.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Hiroaki Miyashita Custom Post Type Page Template. Este problema afecta a Custom Post Type Page Template: desde n/a hasta 1.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpgogo:custom_post_type_page_template:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "ABEBC77B-5D37-487D-A784-DE5D6E324847"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-post-type-page-template/wordpress-custom-post-type-page-template-plugin-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6559",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-12-16T13:15:07.683",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:13:18.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The MW WP Form plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 5.0.3. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible."
},
{
"lang": "es",
"value": "El complemento MW WP Form para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos en todas las versiones hasta la 5.0.3 incluida. Esto se debe a que el complemento no valida correctamente la ruta de un archivo cargado antes de eliminarlo. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios, incluido el archivo wp-config.php, lo que puede hacer posible la toma de control del sitio y la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,51 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:web-soudan:mw_wp_form:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.0.4",
"matchCriteriaId": "EE900ED9-C646-4BD0-98C8-43E56D6BB305"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3007879/mw-wp-form",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/412d555c-9bbd-42f5-8020-ccfc18755a79?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
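Review bot: The Wordfence reference at the end of `references` carries the tag `Patch` next to `Third Party Advisory`, but judging by its URL it is a vulnerability write-up rather than a code change; the plugins.trac.wordpress.org changeset listed before it is the entry that looks like the actual fix. Automation that follows `Patch`-tagged links to fetch or verify a fix would pick up the advisory page as well. If the tag is not intended, the entry would read `"tags": ["Third Party Advisory"]`. Since this record mirrors upstream data, the correction belongs upstream, and consumers should not treat `Patch` as proof that a URL holds a diff.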


@ -2,16 +2,40 @@
"id": "CVE-2023-6848",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T07:15:44.407",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:09:40.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kalcaddle kodbox up to 1.48. It has been declared as critical. Affected by this vulnerability is the function check of the file plugins/officeViewer/controller/libreOffice/index.class.php. The manipulation of the argument soffice leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The identifier of the patch is 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. The identifier VDB-248209 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en kalcaddle kodbox hasta 1.48. Ha sido declarada cr\u00edtica. La funci\u00f3n de verificaci\u00f3n del archivo plugins/officeViewer/controller/libreOffice/index.class.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento soffice conduce a la inyecci\u00f3n de comandos. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 1.48.04 puede solucionar este problema. El identificador del parche es 63a4d5708d210f119c24afd941d01a943e25334c. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248209."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,26 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.48.04",
"matchCriteriaId": "6DCDC7E4-62CD-4A8C-9C1A-1F1B9406FDC9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kalcaddle/kodbox/releases/tag/1.48.04",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://note.zhaoj.in/share/pf838kAzQyTQ",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.248209",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248209",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
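Review bot: The Spanish description in this record renders the function name `check` as "La función de verificación", so a reader of the `es` text no longer sees the identifier needed to locate the affected code or to search logs and detection rules for it. The same machine-translation problem shows in later records on this page: the parameter names `path` (CVE-2023-6849, CVE-2023-6853), `path/file` (CVE-2023-6850) and `search` (CVE-2023-6896) are translated as ordinary words, and in CVE-2023-6898 the Spanish text names `enable_user.php` where the English text names `manage_user.php`. Identifiers should be carried over verbatim, for example `La función check del archivo plugins/officeViewer/controller/libreOffice/index.class.php es afectada por esta vulnerabilidad.` and `La manipulación del argumento path conduce a server-side request forgery.`. Until that is corrected upstream, tooling that extracts file, function or parameter names should key on the `en` description.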


@ -2,16 +2,40 @@
"id": "CVE-2023-6849",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T08:15:06.663",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:09:52.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en kalcaddle kodbox hasta 1.48. Ha sido calificada como cr\u00edtica. La funci\u00f3n cover del archivo plugins/fileThumb/app.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la ruta del argumento conduce a server-side request forgery. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 1.48.04 puede solucionar este problema. El parche se identifica como 63a4d5708d210f119c24afd941d01a943e25334c. Se recomienda actualizar el componente afectado. VDB-248210 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,26 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodbox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.48.04",
"matchCriteriaId": "6DCDC7E4-62CD-4A8C-9C1A-1F1B9406FDC9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kalcaddle/kodbox/releases/tag/1.48.04",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://note.zhaoj.in/share/jSsPAWT1pKsq",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.248210",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248210",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6850",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T09:15:07.030",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:10:03.370",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been declared as critical. This vulnerability affects unknown code of the file /index.php?pluginApp/to/yzOffice/getFile of the component API Endpoint Handler. The manipulation of the argument path/file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is identified as 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. VDB-248218 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en kalcaddle KodExplorer hasta 4.51.03. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del archivo /index.php?pluginApp/to/yzOffice/getFile del componente API Endpoint Handler. La manipulaci\u00f3n del argumento ruta/archivo conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 4.52.01 puede solucionar este problema. El parche se identifica como 5cf233f7556b442100cf67b5e92d57ceabb126c6. Se recomienda actualizar el componente afectado. VDB-248218 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,26 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.52.01",
"matchCriteriaId": "9308CF18-302E-4CB9-9AD8-858718BCB9D9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://note.zhaoj.in/share/L38RNzUOwOtN",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.248218",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248218",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6851",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T11:15:07.163",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:10:59.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kalcaddle KodExplorer up to 4.51.03. It has been rated as critical. This issue affects the function unzipList of the file plugins/zipView/app.php of the component ZIP Archive Handler. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The patch is named 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248219."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en kalcaddle KodExplorer hasta 4.51.03. Ha sido calificada como cr\u00edtica. Este problema afecta la funci\u00f3n unzipList del archivo plugins/zipView/app.php del componente ZIP Archive Handler. La manipulaci\u00f3n conduce a la inyecci\u00f3n de c\u00f3digo. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 4.52.01 puede solucionar este problema. El parche se llama 5cf233f7556b442100cf67b5e92d57ceabb126c6. Se recomienda actualizar el componente afectado. El identificador asociado de esta vulnerabilidad es VDB-248219."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,26 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.52.01",
"matchCriteriaId": "9308CF18-302E-4CB9-9AD8-858718BCB9D9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://note.zhaoj.in/share/D44UjzoFXYfi",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.248219",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248219",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6852",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T12:15:07.220",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:14:54.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en kalcaddle KodExplorer hasta 4.51.03 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo plugins/webodf/app.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a server-side request forgery. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 4.52.01 puede solucionar este problema. El nombre del parche es 5cf233f7556b442100cf67b5e92d57ceabb126c6. Se recomienda actualizar el componente afectado. El identificador de esta vulnerabilidad es VDB-248220."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,26 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.52.01",
"matchCriteriaId": "9308CF18-302E-4CB9-9AD8-858718BCB9D9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://note.zhaoj.in/share/P6lQNyqQn3zY",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.248220",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248220",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6853",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T12:15:07.467",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:14:27.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en kalcaddle KodExplorer hasta 4.51.03 y clasificada como cr\u00edtica. La funci\u00f3n index del archivo plugins/officeLive/app.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la ruta del argumento conduce a server-side request forgery. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 4.52.01 puede solucionar este problema. El identificador del parche es 5cf233f7556b442100cf67b5e92d57ceabb126c6. Se recomienda actualizar el componente afectado. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248221."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,26 +95,60 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kodcloud:kodexplorer:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.52.01",
"matchCriteriaId": "9308CF18-302E-4CB9-9AD8-858718BCB9D9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://note.zhaoj.in/share/oaYHbDTnPiU3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?ctiid.248221",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248221",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6885",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-16T23:15:40.830",
"lastModified": "2023-12-18T14:05:28.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:11:21.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.10. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file general/vote/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-248245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tongda OA 2017 hasta 11.10. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo general/vote/manage/delete.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento DELETE_STR conduce a la inyecci\u00f3n SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-248245. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_office_anywhere:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.10",
"matchCriteriaId": "014F8D69-179A-448C-9DE1-44722327ACD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:tongda_office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "81F9C9DF-C606-4C49-A34D-503910C19D61"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Martinzb/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248245",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248245",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6896",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-17T10:15:08.260",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:09:26.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Simple Image Stack Website 1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument search with the input sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248255."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Simple Image Stack Website 1.0. Ha sido calificada como problem\u00e1tica. Este problema afecta alg\u00fan procesamiento desconocido. La manipulaci\u00f3n de la b\u00fasqueda de argumentos con la entrada sy2ap%22%3e%3cscript%3ealert(1)%3c%2fscript%3etkxh1 conduce a Cross-site Scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-248255."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:simple_image_stack_website:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EE07D6-9E04-461E-A80F-00E85ACB18D5"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.248255",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248255",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.yuque.com/u39434519/pfhiwd/vry762ncuczem3yi?singleDoc#",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-6898",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-17T11:15:08.327",
"lastModified": "2023-12-18T14:05:22.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:08:09.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SourceCodester Best Courier Management System 1.0 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo enable_user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento id conduce a la inyecci\u00f3n de SQL. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-248256."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayuri_k:best_courier_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9D95BF-85A6-4668-8E74-8889889DAB0F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248256",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248256",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}
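Review bot: The added `es` description in the CVE-2023-6898 record names `enable_user.php` as the affected file, while the `en` description in the same `descriptions` array names `manage_user.php`, so the two entries disagree. The English text is presumably the authoritative CNA wording; if so, the `es` value should read `manage_user.php` in place of `enable_user.php`. Because this record mirrors NVD, the correction belongs upstream rather than in this repository. Until it is fixed, tooling that extracts affected file names for triage or detection content should read the `en` entry rather than the translation.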


@ -2,15 +2,41 @@
"id": "CVE-2023-6909",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-18T04:15:52.367",
"lastModified": "2023-12-18T14:05:17.207",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-12-20T04:07:34.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2."
},
{
"lang": "es",
"value": "Path traversal: '\\..\\filename' en el repositorio de GitHub mlflow/mlflow anterior a 2.9.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -46,14 +72,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.9.2",
"matchCriteriaId": "6B5585E2-CC70-4BED-AA89-B791F081ACFC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-12-20T03:00:25.592477+00:00
2023-12-20T05:00:25.140357+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-12-20T03:00:10.860000+00:00
2023-12-20T04:29:09.497000+00:00
```
### Last Data Feed Release
@ -34,46 +34,39 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `0`
* [CVE-2023-27172](CVE-2023/CVE-2023-271xx/CVE-2023-27172.json) (`2023-12-20T01:15:07.233`)
* [CVE-2023-47706](CVE-2023/CVE-2023-477xx/CVE-2023-47706.json) (`2023-12-20T01:15:07.597`)
* [CVE-2023-47702](CVE-2023/CVE-2023-477xx/CVE-2023-47702.json) (`2023-12-20T02:15:43.970`)
* [CVE-2023-47703](CVE-2023/CVE-2023-477xx/CVE-2023-47703.json) (`2023-12-20T02:15:44.167`)
* [CVE-2023-47704](CVE-2023/CVE-2023-477xx/CVE-2023-47704.json) (`2023-12-20T01:15:07.363`)
* [CVE-2023-47705](CVE-2023/CVE-2023-477xx/CVE-2023-47705.json) (`2023-12-20T02:15:44.437`)
* [CVE-2023-47707](CVE-2023/CVE-2023-477xx/CVE-2023-47707.json) (`2023-12-20T02:15:44.627`)
### CVEs modified in the last Commit
Recently modified CVEs: `37`
Recently modified CVEs: `30`
* [CVE-2015-10097](CVE-2015/CVE-2015-100xx/CVE-2015-10097.json) (`2023-12-20T02:27:39.773`)
* [CVE-2015-10101](CVE-2015/CVE-2015-101xx/CVE-2015-10101.json) (`2023-12-20T02:30:01.257`)
* [CVE-2015-10100](CVE-2015/CVE-2015-101xx/CVE-2015-10100.json) (`2023-12-20T02:34:00.733`)
* [CVE-2015-10099](CVE-2015/CVE-2015-100xx/CVE-2015-10099.json) (`2023-12-20T02:36:46.687`)
* [CVE-2015-10087](CVE-2015/CVE-2015-100xx/CVE-2015-10087.json) (`2023-12-20T02:39:30.293`)
* [CVE-2015-10102](CVE-2015/CVE-2015-101xx/CVE-2015-10102.json) (`2023-12-20T02:41:18.450`)
* [CVE-2015-10105](CVE-2015/CVE-2015-101xx/CVE-2015-10105.json) (`2023-12-20T02:47:11.533`)
* [CVE-2016-15029](CVE-2016/CVE-2016-150xx/CVE-2016-15029.json) (`2023-12-20T02:21:36.473`)
* [CVE-2016-15030](CVE-2016/CVE-2016-150xx/CVE-2016-15030.json) (`2023-12-20T02:23:41.077`)
* [CVE-2017-20167](CVE-2017/CVE-2017-201xx/CVE-2017-20167.json) (`2023-12-20T02:10:43.700`)
* [CVE-2017-20159](CVE-2017/CVE-2017-201xx/CVE-2017-20159.json) (`2023-12-20T02:16:20.700`)
* [CVE-2017-20180](CVE-2017/CVE-2017-201xx/CVE-2017-20180.json) (`2023-12-20T02:45:34.063`)
* [CVE-2020-36637](CVE-2020/CVE-2020-366xx/CVE-2020-36637.json) (`2023-12-20T01:46:33.117`)
* [CVE-2020-36638](CVE-2020/CVE-2020-366xx/CVE-2020-36638.json) (`2023-12-20T01:48:34.637`)
* [CVE-2022-24480](CVE-2022/CVE-2022-244xx/CVE-2022-24480.json) (`2023-12-20T02:15:43.180`)
* [CVE-2023-47271](CVE-2023/CVE-2023-472xx/CVE-2023-47271.json) (`2023-12-20T01:15:07.297`)
* [CVE-2023-49786](CVE-2023/CVE-2023-497xx/CVE-2023-49786.json) (`2023-12-20T01:15:07.937`)
* [CVE-2023-3018](CVE-2023/CVE-2023-30xx/CVE-2023-3018.json) (`2023-12-20T01:37:04.860`)
* [CVE-2023-48795](CVE-2023/CVE-2023-487xx/CVE-2023-48795.json) (`2023-12-20T02:15:44.827`)
* [CVE-2023-5764](CVE-2023/CVE-2023-57xx/CVE-2023-5764.json) (`2023-12-20T02:15:44.947`)
* [CVE-2023-29030](CVE-2023/CVE-2023-290xx/CVE-2023-29030.json) (`2023-12-20T02:50:13.797`)
* [CVE-2023-29031](CVE-2023/CVE-2023-290xx/CVE-2023-29031.json) (`2023-12-20T02:52:31.047`)
* [CVE-2023-29025](CVE-2023/CVE-2023-290xx/CVE-2023-29025.json) (`2023-12-20T02:54:00.477`)
* [CVE-2023-29024](CVE-2023/CVE-2023-290xx/CVE-2023-29024.json) (`2023-12-20T02:57:49.013`)
* [CVE-2023-29023](CVE-2023/CVE-2023-290xx/CVE-2023-29023.json) (`2023-12-20T03:00:10.860`)
* [CVE-2023-6896](CVE-2023/CVE-2023-68xx/CVE-2023-6896.json) (`2023-12-20T04:09:26.843`)
* [CVE-2023-6848](CVE-2023/CVE-2023-68xx/CVE-2023-6848.json) (`2023-12-20T04:09:40.720`)
* [CVE-2023-6849](CVE-2023/CVE-2023-68xx/CVE-2023-6849.json) (`2023-12-20T04:09:52.890`)
* [CVE-2023-6850](CVE-2023/CVE-2023-68xx/CVE-2023-6850.json) (`2023-12-20T04:10:03.370`)
* [CVE-2023-6851](CVE-2023/CVE-2023-68xx/CVE-2023-6851.json) (`2023-12-20T04:10:59.200`)
* [CVE-2023-6885](CVE-2023/CVE-2023-68xx/CVE-2023-6885.json) (`2023-12-20T04:11:21.097`)
* [CVE-2023-6559](CVE-2023/CVE-2023-65xx/CVE-2023-6559.json) (`2023-12-20T04:13:18.900`)
* [CVE-2023-6853](CVE-2023/CVE-2023-68xx/CVE-2023-6853.json) (`2023-12-20T04:14:27.880`)
* [CVE-2023-6852](CVE-2023/CVE-2023-68xx/CVE-2023-6852.json) (`2023-12-20T04:14:54.340`)
* [CVE-2023-46617](CVE-2023/CVE-2023-466xx/CVE-2023-46617.json) (`2023-12-20T04:16:54.720`)
* [CVE-2023-48762](CVE-2023/CVE-2023-487xx/CVE-2023-48762.json) (`2023-12-20T04:17:13.577`)
* [CVE-2023-48766](CVE-2023/CVE-2023-487xx/CVE-2023-48766.json) (`2023-12-20T04:18:59.910`)
* [CVE-2023-49775](CVE-2023/CVE-2023-497xx/CVE-2023-49775.json) (`2023-12-20T04:19:10.643`)
* [CVE-2023-49769](CVE-2023/CVE-2023-497xx/CVE-2023-49769.json) (`2023-12-20T04:19:35.600`)
* [CVE-2023-49751](CVE-2023/CVE-2023-497xx/CVE-2023-49751.json) (`2023-12-20T04:20:54.357`)
* [CVE-2023-24380](CVE-2023/CVE-2023-243xx/CVE-2023-24380.json) (`2023-12-20T04:21:06.470`)
* [CVE-2023-49824](CVE-2023/CVE-2023-498xx/CVE-2023-49824.json) (`2023-12-20T04:21:23.460`)
* [CVE-2023-49834](CVE-2023/CVE-2023-498xx/CVE-2023-49834.json) (`2023-12-20T04:26:25.007`)
* [CVE-2023-49853](CVE-2023/CVE-2023-498xx/CVE-2023-49853.json) (`2023-12-20T04:27:45.017`)
* [CVE-2023-49844](CVE-2023/CVE-2023-498xx/CVE-2023-49844.json) (`2023-12-20T04:28:10.187`)
* [CVE-2023-49843](CVE-2023/CVE-2023-498xx/CVE-2023-49843.json) (`2023-12-20T04:28:26.340`)
* [CVE-2023-49840](CVE-2023/CVE-2023-498xx/CVE-2023-49840.json) (`2023-12-20T04:28:39.197`)
* [CVE-2023-50372](CVE-2023/CVE-2023-503xx/CVE-2023-50372.json) (`2023-12-20T04:28:48.440`)
* [CVE-2023-49855](CVE-2023/CVE-2023-498xx/CVE-2023-49855.json) (`2023-12-20T04:29:01.180`)
* [CVE-2023-49854](CVE-2023/CVE-2023-498xx/CVE-2023-49854.json) (`2023-12-20T04:29:09.497`)
## Download and Usage