From d23e929ca13def18aec600c1c9258824670dd885 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Sun, 6 Apr 2025 16:03:53 +0000
Subject: [PATCH] Auto-Update: 2025-04-06T16:00:19.600211+00:00

---
 CVE-2025/CVE-2025-33xx/CVE-2025-3318.json | 137 ++++++++++++++++++++++
 README.md                                 |   8 +-
 _state.csv                                |   3 +-
 3 files changed, 143 insertions(+), 5 deletions(-)
 create mode 100644 CVE-2025/CVE-2025-33xx/CVE-2025-3318.json

diff --git a/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json b/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json
new file mode 100644
index 00000000000..8d57d5e11fe
--- /dev/null
+++ b/CVE-2025/CVE-2025-33xx/CVE-2025-3318.json
@@ -0,0 +1,137 @@
+{
+  "id": "CVE-2025-3318",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-04-06T14:15:35.690",
+  "lastModified": "2025-04-06T14:15:35.690",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical was found in Kenj_Frog \u80af\u5c3c\u57fa\u86d9 company-financial-management \u516c\u53f8\u8d22\u52a1\u7ba1\u7406\u7cfb\u7edf 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnConfidentialityImpact": "LOW",
+          "vulnIntegrityImpact": "LOW",
+          "vulnAvailabilityImpact": "LOW",
+          "subConfidentialityImpact": "NONE",
+          "subIntegrityImpact": "NONE",
+          "subAvailabilityImpact": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirement": "NOT_DEFINED",
+          "integrityRequirement": "NOT_DEFINED",
+          "availabilityRequirement": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
+          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
+          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
+          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
+          "modifiedSubIntegrityImpact": "NOT_DEFINED",
+          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
+          "Safety": "NOT_DEFINED",
+          "Automatable": "NOT_DEFINED",
+          "Recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-74"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/Kenj_Frog/company-financial-management/issues/IBM6D9",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.303517",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.303517",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index fd548d109a7..a6dd5d8b3cd 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2025-04-06T14:00:26.933672+00:00
+2025-04-06T16:00:19.600211+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2025-04-06T12:15:14.923000+00:00
+2025-04-06T14:15:35.690000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-288722
+288723
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `1`
 
-- [CVE-2025-3317](CVE-2025/CVE-2025-33xx/CVE-2025-3317.json) (`2025-04-06T12:15:14.923`)
+- [CVE-2025-3318](CVE-2025/CVE-2025-33xx/CVE-2025-3318.json) (`2025-04-06T14:15:35.690`)
 
 
 ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 62dffdbc375..0a660d70252 100644
--- a/_state.csv
+++ b/_state.csv
@@ -288720,4 +288720,5 @@ CVE-2025-3313,0,0,172cf2934ef6583754b95d1a1c6a8929e37a90b43eebe2f982e398a3dd39bc
 CVE-2025-3314,0,0,a32c48c2289fd3933feefe7b6a0a9bf911beb1fa21385e30072f620ea470a201,2025-04-06T09:15:14.670000
 CVE-2025-3315,0,0,9776cb51c8d38710e9030f960166522adc4aae91b7ff11648399ee90f9908a2e,2025-04-06T10:15:14.840000
 CVE-2025-3316,0,0,fc4d587cd5ac49c70a66a30fbc023322e933c9de67f1c943ba865d091e57d516,2025-04-06T11:15:39.240000
-CVE-2025-3317,1,1,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000
+CVE-2025-3317,0,0,3890e20ca65cea828acb6fd8ea5595e1b7f850c03a9aa2c7b21964afa7043aae,2025-04-06T12:15:14.923000
+CVE-2025-3318,1,1,d9d58a29ab53394429f6599af713452c47986a9bbb8bd453c5f2db8c0c17b0d2,2025-04-06T14:15:35.690000