diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json new file mode 100644 index 00000000000..8d57d5e11fe --- /dev/null +++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2025-3318", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-04-06T14:15:35.690", + "lastModified": "2025-04-06T14:15:35.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Kenj_Frog \u80af\u5c3c\u57fa\u86d9 company-financial-management \u516c\u53f8\u8d22\u52a1\u7ba1\u7406\u7cfb\u7edf 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "LOW", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirement": "NOT_DEFINED", + "integrityRequirement": "NOT_DEFINED", + "availabilityRequirement": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnConfidentialityImpact": "NOT_DEFINED", + "modifiedVulnIntegrityImpact": "NOT_DEFINED", + "modifiedVulnAvailabilityImpact": "NOT_DEFINED", + "modifiedSubConfidentialityImpact": "NOT_DEFINED", + "modifiedSubIntegrityImpact": "NOT_DEFINED", + "modifiedSubAvailabilityImpact": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.303517", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.303517", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index fd548d109a7..a6dd5d8b3cd 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-04-06T14:00:26.933672+00:00 +2025-04-06T16:00:19.600211+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-04-06T12:15:14.923000+00:00 +2025-04-06T14:15:35.690000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -288722 +288723 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2025-3317](CVE-2025/CVE-2025-33xx/CVE-2025-3317.json) (`2025-04-06T12:15:14.923`) +- [CVE-2025-3318](CVE-2025/CVE-2025-33xx/CVE-2025-3318.json) (`2025-04-06T14:15:35.690`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 62dffdbc375..0a660d70252 100644 --- a/_state.csv +++ b/_state.csv @@ -288720,4 +288720,5 @@ CVE-2025-3313,0,0,172cf2934ef6583754b95d1a1c6a8929e37a90b43eebe2f982e398a3dd39bc CVE-2025-3314,0,0,a32c48c2289fd3933feefe7b6a0a9bf911beb1fa21385e30072f620ea470a201,2025-04-06T09:15:14.670000 CVE-2025-3315,0,0,9776cb51c8d38710e9030f960166522adc4aae91b7ff11648399ee90f9908a2e,2025-04-06T10:15:14.840000 CVE-2025-3316,0,0,fc4d587cd5ac49c70a66a30fbc023322e933c9de67f1c943ba865d091e57d516,2025-04-06T11:15:39.240000 -CVE-2025-3317,1,1,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000 +CVE-2025-3317,0,0,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000 +CVE-2025-3318,1,1,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000