From a7d8796946ac78bc0cfec645451166574c8f44e6 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 13 Jun 2024 04:03:17 +0000
Subject: [PATCH] Auto-Update: 2024-06-13T04:00:24.026006+00:00
---
CVE-2024/CVE-2024-39xx/CVE-2024-3922.json | 47 +++++++++++++++++++++++
README.md | 14 +++----
_state.csv | 7 ++--
3 files changed, 57 insertions(+), 11 deletions(-)
create mode 100644 CVE-2024/CVE-2024-39xx/CVE-2024-3922.json
diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3922.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3922.json
new file mode 100644
index 00000000000..edddd52f163
--- /dev/null
+++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3922.json
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3922", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-13T02:15:08.833", + "lastModified": "2024-06-13T02:15:08.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://dokan.co/docs/wordpress/changelog/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9de41de-f2f7-4b16-8ec9-d30bbd3d8786?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bf3fb64dfba..b0683183ff3 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-13T02:00:18.063699+00:00 +2024-06-13T04:00:24.026006+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-13T01:15:50.590000+00:00 +2024-06-13T02:15:08.833000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -253706 +253707 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `1` +- [CVE-2024-3922](CVE-2024/CVE-2024-39xx/CVE-2024-3922.json) (`2024-06-13T02:15:08.833`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `0` -- [CVE-2024-35235](CVE-2024/CVE-2024-352xx/CVE-2024-35235.json) (`2024-06-13T01:15:50.590`) -- [CVE-2024-4577](CVE-2024/CVE-2024-45xx/CVE-2024-4577.json) (`2024-06-13T01:00:02.087`) -- [CVE-2024-4610](CVE-2024/CVE-2024-46xx/CVE-2024-4610.json) (`2024-06-13T01:00:02.087`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 54ffd0615aa..754a6b95480 100644 --- a/_state.csv +++ b/_state.csv 
@@ -251330,7 +251330,7 @@ CVE-2024-35229,0,0,5ee88facfa68247ca9de07dbd334e85c15f8a3e466794415d20f2550dc151 CVE-2024-3523,0,0,154d27d1d83a25b71ff1e934ce7ae9d9233e3d50ef1f8829c89abcc116ac6a21,2024-05-17T02:39:58.793000 CVE-2024-35231,0,0,f8530b660fb5fe1a3f6068301d0584388b48db3deb576b79e05a1ef5783b526b,2024-05-28T12:39:28.377000 CVE-2024-35232,0,0,e11d112dbb50bd6ac52fe1023c1686a96b37e3a0e6e89d4fb71dc8ea03458586,2024-05-28T12:39:42.673000 -CVE-2024-35235,0,1,18441cb8b60e8c9ce81d63ca4fc9c309eaf0ccf26c16ca4e31e8706780f92fd6,2024-06-13T01:15:50.590000 +CVE-2024-35235,0,0,18441cb8b60e8c9ce81d63ca4fc9c309eaf0ccf26c16ca4e31e8706780f92fd6,2024-06-13T01:15:50.590000 CVE-2024-35236,0,0,9c23a184eb48860f429493171a4c62809168210276bc2ebf0f78566d7ec88f75,2024-05-28T12:39:28.377000 CVE-2024-35237,0,0,27687b26a7b23ba1ab2f1369afb101a3e55bbdfed6512210bc15966acab9b92b,2024-05-28T12:39:28.377000 CVE-2024-35238,0,0,90b2bf17c4613df420698bab76b724ca8e351da1091b572382c658446aa99656,2024-05-28T12:39:28.377000 @@ -252477,6 +252477,7 @@ CVE-2024-3917,0,0,55f83f03b9292263c532dbe29e254e7b9925f1a39645bd6835596489dfabe5 CVE-2024-3918,0,0,f0312710b8f2207cc4daf3e960aa8906c7e8839f8babda55f2853fd4763a97f9,2024-05-24T01:15:30.977000 CVE-2024-3920,0,0,5dbee28fbacc5f4bbc65481ff7f645499d60469b501d304207882ca441f74491,2024-05-24T01:15:30.977000 CVE-2024-3921,0,0,dc44586c5c7e1c74f5850e7b4d244cf53da902f950a29ac6c4f232f966454542,2024-05-29T13:02:09.280000 +CVE-2024-3922,1,1,440e5b6dedddefad66ba06f1cd9ab863e6048e6d8f1fc7f712c4943dae35cab6,2024-06-13T02:15:08.833000 CVE-2024-3923,0,0,dcd7a979944a34edd9f4dd960691916feb4f3b194c37e215c41a761a1e13cac2,2024-05-14T16:11:39.510000 CVE-2024-3924,0,0,396cfe762c72fbd5a1960b1ddaed612b95d18abd602e0e4dd151e2967ca06c2d,2024-05-30T18:19:11.743000 CVE-2024-3925,0,0,ffb03ad3d7681dbc7a2ac7c0d5b931072feb525f55dbac91a3db33362697e56f,2024-06-12T08:15:50.500000 
@@ -252946,7 +252947,7 @@ CVE-2024-4571,0,0,b379f15291a8a65b330c223bc6a31fd0a21b183a906c0a4077ca3cf5d38b8a CVE-2024-4572,0,0,f5ca5c1acec751c453949e3111f6be45773ff402d3c1d2b8e88127a059aa7b1b,2024-05-14T15:44:06.153000 CVE-2024-4574,0,0,313ec0d117ac92e67c29da349740abe9395db1d3208f8156cb88d417271721b1,2024-05-14T16:11:39.510000 CVE-2024-4575,0,0,6bded3a6c54fd2b7daead76b33ebe13f0b01e085cf3109c110abbf745910c26e,2024-05-24T01:15:30.977000 -CVE-2024-4577,0,1,99745c29f0fc9c6c0b18373abc31f13626ab0e1c3857aea5a10a4935216b30e9,2024-06-13T01:00:02.087000 +CVE-2024-4577,0,0,99745c29f0fc9c6c0b18373abc31f13626ab0e1c3857aea5a10a4935216b30e9,2024-06-13T01:00:02.087000 CVE-2024-4579,0,0,92215db7ae90e73ed5f9ed593ac042a14c345d9cfa9b9e96b650abf914d87abf,2024-05-14T15:44:07.607000 CVE-2024-4580,0,0,8eea2c6efcadf197a7eb186820cafc4d96f736bb0925ed6e0f257f524d44d971,2024-05-16T13:03:05.353000 CVE-2024-4581,0,0,76d80edc646ff1ece35896e94283319c4ca53356d1c75c256f7ea9adb85effeb,2024-06-04T16:57:41.053000 @@ -252974,7 +252975,7 @@ CVE-2024-4605,0,0,953638d724b858b3af29d2158adc8bf0b3f03be99b297e319002baf558be51 CVE-2024-4606,0,0,6a0f9aa1de71c84cf915c091fa2bebebead3ebb4c4bdbaf5b5bc091e1c955edc,2024-05-14T16:11:39.510000 CVE-2024-4608,0,0,66fd8dbc7b1c172bc789c4876374c82bfd54c48e5902295fa28145d061770319,2024-06-06T14:17:35.017000 CVE-2024-4609,0,0,c23c3de39dc98d86dc6853d31c2bc52148fecec26ec42d14e3cca3645de4f823,2024-05-17T18:36:31.297000 -CVE-2024-4610,0,1,81ff3ae6e48750d7db743becd24b39c747725961f69d5bed9a772eadd337b280,2024-06-13T01:00:02.087000 +CVE-2024-4610,0,0,81ff3ae6e48750d7db743becd24b39c747725961f69d5bed9a772eadd337b280,2024-06-13T01:00:02.087000 CVE-2024-4611,0,0,0152495de6f2454e6b1280dd3d20184c586b399950947591d94dfb5475ea0272,2024-05-29T13:02:09.280000 CVE-2024-4614,0,0,beb5630ff5db8a415fa4bf6f109dad49279ea5965bb91a1d7f892cd406978f05,2024-05-14T15:44:12.883000 CVE-2024-4617,0,0,a9ac6f97f78093fda60c756da599c06372e99e21d7b1347de185ba0119cb6cca,2024-05-16T13:03:05.353000