Auto-Update: 2025-04-06T16:00:19.600211+00:00

2025-07-09 16:05:11 +00:00 · 2025-04-06 16:03:53 +00:00 · 2025-04-06 16:03:53 +00:00 · d23e929ca1
commit d23e929ca1
parent 7e504a6d4b
3 changed files with 143 additions and 5 deletions
--- a/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json
+++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json
@ -0,0 +1,137 @@
+{
+  "id": "CVE-2025-3318",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-04-06T14:15:35.690",
+  "lastModified": "2025-04-06T14:15:35.690",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical was found in Kenj_Frog \u80af\u5c3c\u57fa\u86d9 company-financial-management \u516c\u53f8\u8d22\u52a1\u7ba1\u7406\u7cfb\u7edf 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.303517",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.303517",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-04-06T14:00:26.933672+00:00
+2025-04-06T16:00:19.600211+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-04-06T12:15:14.923000+00:00
+2025-04-06T14:15:35.690000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-288722
+288723
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2025-3317](CVE-2025/CVE-2025-33xx/CVE-2025-3317.json) (`2025-04-06T12:15:14.923`)
+- [CVE-2025-3318](CVE-2025/CVE-2025-33xx/CVE-2025-3318.json) (`2025-04-06T14:15:35.690`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -288720,4 +288720,5 @@ CVE-2025-3313,0,0,172cf2934ef6583754b95d1a1c6a8929e37a90b43eebe2f982e398a3dd39bc
 CVE-2025-3314,0,0,a32c48c2289fd3933feefe7b6a0a9bf911beb1fa21385e30072f620ea470a201,2025-04-06T09:15:14.670000
 CVE-2025-3315,0,0,9776cb51c8d38710e9030f960166522adc4aae91b7ff11648399ee90f9908a2e,2025-04-06T10:15:14.840000
 CVE-2025-3316,0,0,fc4d587cd5ac49c70a66a30fbc023322e933c9de67f1c943ba865d091e57d516,2025-04-06T11:15:39.240000
-CVE-2025-3317,1,1,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000
+CVE-2025-3317,0,0,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000
+CVE-2025-3318,1,1,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000