From 9e6c2e33b0b57bb331d9a1ae6c9df21bc84a3f07 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 22 Feb 2025 13:03:47 +0000 Subject: [PATCH] Auto-Update: 2025-02-22T13:00:19.093983+00:00 --- CVE-2023/CVE-2023-66xx/CVE-2023-6648.json | 60 ++++++++++++++++++++++- README.md | 13 ++--- _state.csv | 10 ++-- 3 files changed, 68 insertions(+), 15 deletions(-) diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json index 1005a324f74..01481f032cf 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json @@ -2,13 +2,13 @@ "id": "CVE-2023-6648", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-10T09:15:06.913", - "lastModified": "2024-11-21T08:44:16.943", + "lastModified": "2025-02-22T12:15:30.927", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability." + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username/contactno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "es", @@ -16,6 +16,50 @@ } ], "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], "cvssMetricV31": [ { "source": "cna@vuldb.com", @@ -89,6 +133,10 @@ "source": "cna@vuldb.com", "type": "Primary", "description": [ + { + "lang": "en", + "value": "CWE-74" + }, { "lang": "en", "value": "CWE-89" @@ -122,6 +170,10 @@ "Third Party Advisory" ] }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?ctiid.247341", "source": "cna@vuldb.com", @@ -138,6 +190,10 @@ "Third Party Advisory" ] }, + { + "url": "https://vuldb.com/?submit.246745", + "source": "cna@vuldb.com" + }, { "url": "https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/README.md b/README.md index 740b2f4111e..910a7449112 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-02-22T11:00:20.834299+00:00 +2025-02-22T13:00:19.093983+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-02-22T10:15:11.263000+00:00 +2025-02-22T12:15:30.927000+00:00 ``` ### Last Data Feed Release @@ -38,18 +38,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `0` -- [CVE-2024-13564](CVE-2024/CVE-2024-135xx/CVE-2024-13564.json) (`2025-02-22T09:15:23.687`) -- [CVE-2025-1361](CVE-2025/CVE-2025-13xx/CVE-2025-1361.json) (`2025-02-22T09:15:24.033`) -- [CVE-2025-1553](CVE-2025/CVE-2025-15xx/CVE-2025-1553.json) (`2025-02-22T10:15:09.853`) -- [CVE-2025-21704](CVE-2025/CVE-2025-217xx/CVE-2025-21704.json) (`2025-02-22T10:15:11.263`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2023-6648](CVE-2023/CVE-2023-66xx/CVE-2023-6648.json) (`2025-02-22T12:15:30.927`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 674600bfbbb..f0d57de0ae1 100644 --- a/_state.csv +++ b/_state.csv @@ -242020,7 +242020,7 @@ CVE-2023-6640,0,0,4c1de3385a32f286c0b75b0b253dae7e11e4d89cf203bb099ad3f58f6c385c CVE-2023-6645,0,0,18d7b1db6d45d511489f0088fbcda1d70409d9803c5553814d8e2b60fd676b42,2024-11-21T08:44:16.430000 CVE-2023-6646,0,0,43309576514af4cb07e93f126e0f158d82b8629e3c47d5943302d08d30997d61,2024-11-21T08:44:16.600000 CVE-2023-6647,0,0,780302fda21e798fe5ca06edfdf1cebf880447e49cae48df60b9306a284f29c8,2024-11-21T08:44:16.793000 -CVE-2023-6648,0,0,2114f1632c6a6fb82421b9b46d318175d7d4ba1218138f577e2871f07888539e,2024-11-21T08:44:16.943000 +CVE-2023-6648,0,1,d2eaef290089f83c5f4b15c4ac795d0b50ac11bf6b06c1dd3db8e9da1c1af229,2025-02-22T12:15:30.927000 CVE-2023-6649,0,0,f16b8f43e18a15ee86fc969f2c30723fdfe0f83e4134dca4815ab7280fb58480,2024-11-21T08:44:17.087000 CVE-2023-6650,0,0,e0ca62c1cae5ab471f951c716a9965cadf71a09d15f12cd3c2bc955aba81253d,2024-11-21T08:44:17.247000 CVE-2023-6651,0,0,cd74fedcbcf3d4fe8699e1ecf0fc78dfd7702f334bc3fdfb7c4ff3782b3771ea,2024-11-21T08:44:17.393000 @@ -246734,7 +246734,7 @@ CVE-2024-1356,0,0,6cb6186c899ef9742e559deecf7de4862ea2bb78bef5eed0c472ae9df79196 CVE-2024-13561,0,0,2147326d45c7c96265106b6ff772f1393a83793dfac14b78a483fca6de875c16,2025-01-29T12:15:27.617000 CVE-2024-13562,0,0,b51ff5c1214904c48acd8185520c69905fbad554f23d67d52a0c555fc11349f1,2025-02-04T20:26:53.560000 CVE-2024-13563,0,0,a22d7bca0cd120477dc1fa3e57922c805548e0065756a928efb634339816e060,2025-02-15T09:15:09.897000 -CVE-2024-13564,1,1,670dfa6497a58babcc45a1c7badc23fa2b82edd696d1f35f2fde4c33fed62d21,2025-02-22T09:15:23.687000 +CVE-2024-13564,0,0,670dfa6497a58babcc45a1c7badc23fa2b82edd696d1f35f2fde4c33fed62d21,2025-02-22T09:15:23.687000 CVE-2024-13565,0,0,09484b11000b3ae55a8d4aa1c14df152d867ff650645b8d7539db7f4a1952ba8,2025-02-18T05:15:13.803000 CVE-2024-13566,0,0,4e1012bf67cdbac097d1c63a1c7fd79c8a8116508864b50fb7c66cdc833178a3,2025-01-31T09:15:06.847000 CVE-2024-1357,0,0,25eaf5b978f8da82b4d3e5ed8aa890834adc21c061c9c9c169613a72fe6996b1,2024-11-21T08:50:24.283000 @@ -279630,7 +279630,7 @@ CVE-2025-1357,0,0,4433e1005a5e4201fdc796c40c8e7b39186d5a371766813fcd3008d782d857 CVE-2025-1358,0,0,4d6b176561a122e28555e921478a072441121d17ebc8ac0b01ef4350bb45d13a,2025-02-18T17:15:19.737000 CVE-2025-1359,0,0,a74490df0bf9cd453b684197a6da2b817f973233464d2e18244cbcb76e58d0cd,2025-02-16T20:15:08.817000 CVE-2025-1360,0,0,fb0d3aa81a9aae261cf8bbfc32f9a1a37cc5f63f6b37722c4b26a02ea0975887,2025-02-16T21:15:09.970000 -CVE-2025-1361,1,1,e77b22a19638f8547451c7f6624660e8ccc3d24ab0dabba372f722fe848e7063,2025-02-22T09:15:24.033000 +CVE-2025-1361,0,0,e77b22a19638f8547451c7f6624660e8ccc3d24ab0dabba372f722fe848e7063,2025-02-22T09:15:24.033000 CVE-2025-1364,0,0,6c9a498ed4da91fc543c9e0d0bc6b549f91692b353d2222b29ef08d5dcc47090,2025-02-16T23:15:09.087000 CVE-2025-1365,0,0,266b893d22f80eeaffc950fc5e5107cbf76b85b1dd425ff9e622ab0ee02beb92,2025-02-17T00:15:09.140000 CVE-2025-1366,0,0,27d217412c230d14f7fea472a75295f779bc457c8773cd971395f03e9546e238,2025-02-17T01:15:10.280000 @@ -279682,7 +279682,7 @@ CVE-2025-1543,0,0,079e018e26abed20b54fa2585c54e2a36ef2ea5d437d5ac399037949b75daa CVE-2025-1544,0,0,6dfefee8c1beb9250313ea7950237ab90994f9ae50b689b8e2c00c600bd9529e,2025-02-21T16:15:32.953000 CVE-2025-1546,0,0,7a27654d265dd0e0c87a112414ca356bea46a4aa4326e4b6c538ca7fa17cdb3d,2025-02-21T18:15:21.523000 CVE-2025-1548,0,0,dc77eed63b703112b11128556adaac7473d7e2c58e805a91497e7bcaa94271fc,2025-02-21T17:15:13.897000 -CVE-2025-1553,1,1,b76c346b19ed32adbb90097d30125f53b18d6b15a685f1353673e4fcdc636324,2025-02-22T10:15:09.853000 +CVE-2025-1553,0,0,b76c346b19ed32adbb90097d30125f53b18d6b15a685f1353673e4fcdc636324,2025-02-22T10:15:09.853000 CVE-2025-1555,0,0,1c7a4c27ed9d1502d0e15c0e5a57e371d72228c620058c2537224f8b85248601,2025-02-21T21:15:13.703000 CVE-2025-20014,0,0,9692e5cd581a413def58e50a6734c5a89401a76673de37fc6a41ad824a4429cc,2025-01-29T20:15:35.207000 CVE-2025-20016,0,0,6fccb84eb01c2cd66b422e82777f9738bfe5004121e1b551d0ae454724543c0e,2025-01-14T10:15:07.500000 @@ -280224,7 +280224,7 @@ CVE-2025-21700,0,0,3fc056d46af8f0b78d97452f108ed5d658c922ab699c8a2bb43cbeaf9fbd7 CVE-2025-21701,0,0,d7c054d565dcf2a6e8d7012de1892a0a2fe63adaff9755c9d55124b93699efd4,2025-02-21T14:15:55.747000 CVE-2025-21702,0,0,c64429a1c383d07aab5bc015806eb0d3b2a9a1b23a87fda2173c17df4896f90d,2025-02-18T15:15:18.530000 CVE-2025-21703,0,0,1b70a75eeb992a0cedbee9d2af799a85c7fa5ad6d64038ed6ea31d816ef224ad,2025-02-21T14:15:56.627000 -CVE-2025-21704,1,1,e026f221b6ea2c6334913aa4f1134eade120f5fc4a007942f64f63ed42e111bc,2025-02-22T10:15:11.263000 +CVE-2025-21704,0,0,e026f221b6ea2c6334913aa4f1134eade120f5fc4a007942f64f63ed42e111bc,2025-02-22T10:15:11.263000 CVE-2025-22129,0,0,d84466451eb5813ecdb45d579943a91ad86a0d891b836c8fd8053b0ece067119,2025-02-04T19:15:33.360000 CVE-2025-22130,0,0,a71c51c8237898c4394724aa5ef423b90094196082b564075e1f1cf6c2992343,2025-01-08T16:15:38.543000 CVE-2025-22131,0,0,69440877e24142b0c883a083dd220512bc0b0c9b1551c23031d4be6598836d66,2025-01-20T16:15:27.880000