diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5362.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5362.json new file mode 100644 index 00000000000..083a619a8c7 --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5362.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5362", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T12:15:08.023", + "lastModified": "2024-05-26T12:15:08.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in SourceCodester Online Hospital Management System 1.0. Affected is an unknown function of the file departmentDoctor.php. The manipulation of the argument deptid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-266274 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CveSecLook/cve/issues/41", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266274", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266274", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.343373", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5363.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5363.json new file mode 100644 index 00000000000..d43aacb665a --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5363.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5363", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T12:15:08.353", + "lastModified": "2024-05-26T12:15:08.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in SourceCodester Best House Rental Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266275." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266275", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266275", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.343427", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5364.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5364.json new file mode 100644 index 00000000000..632734da1a9 --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5364.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5364", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T13:15:08.380", + "lastModified": "2024-05-26T13:15:08.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System up to 1.0. Affected by this issue is some unknown functionality of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266276." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266276", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266276", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.343431", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5365.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5365.json new file mode 100644 index 00000000000..e1be3f78461 --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5365.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5365", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T13:15:08.653", + "lastModified": "2024-05-26T13:15:08.653", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in SourceCodester Best House Rental Management System up to 1.0. This affects an unknown part of the file manage_payment.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266277 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rockersiyuan/CVE/blob/main/SourceCodester_House_Rental_Management_System_Sql_Inject-3.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266277", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266277", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.343432", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bffe294e744..e4eaed15c95 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-26T12:00:37.924521+00:00 +2024-05-26T14:00:38.136786+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-26T11:15:08.417000+00:00 +2024-05-26T13:15:08.653000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251791 +251795 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `4` -- [CVE-2024-5359](CVE-2024/CVE-2024-53xx/CVE-2024-5359.json) (`2024-05-26T10:15:08.020`) -- [CVE-2024-5360](CVE-2024/CVE-2024-53xx/CVE-2024-5360.json) (`2024-05-26T11:15:08.130`) -- [CVE-2024-5361](CVE-2024/CVE-2024-53xx/CVE-2024-5361.json) (`2024-05-26T11:15:08.417`) +- [CVE-2024-5362](CVE-2024/CVE-2024-53xx/CVE-2024-5362.json) (`2024-05-26T12:15:08.023`) +- [CVE-2024-5363](CVE-2024/CVE-2024-53xx/CVE-2024-5363.json) (`2024-05-26T12:15:08.353`) +- [CVE-2024-5364](CVE-2024/CVE-2024-53xx/CVE-2024-5364.json) (`2024-05-26T13:15:08.380`) +- [CVE-2024-5365](CVE-2024/CVE-2024-53xx/CVE-2024-5365.json) (`2024-05-26T13:15:08.653`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 8ca61d8215c..be91d8a02d7 100644 --- a/_state.csv +++ b/_state.csv @@ -251787,6 +251787,10 @@ CVE-2024-5355,0,0,65ae2b1873eb97b202664f655fcc59894c785d60507962a268bf3d380f7f90 CVE-2024-5356,0,0,6cd43a45212db20d05272659a2831f93c3cf7f99aea8b643606ea82688463eb0,2024-05-26T08:15:08.367000 CVE-2024-5357,0,0,f159b385710c4120d6e13538cc460aae996ada96d1b056a28dbfd595fa3df182,2024-05-26T08:15:08.797000 CVE-2024-5358,0,0,64bdda4acbdc3b635b33efd8e0f097cb707bac96c66a022aceede441965a8d81,2024-05-26T09:15:08.490000 -CVE-2024-5359,1,1,993866026c863d39c41ef0fed0683bdaecf821741df2c2c04854320122e62a24,2024-05-26T10:15:08.020000 -CVE-2024-5360,1,1,30efa02d25ee6c063198980620ff858dba067ccd5300536bd167fa87f0fca4d4,2024-05-26T11:15:08.130000 -CVE-2024-5361,1,1,280dd8b1dcdfeeb66eb57662955022472ed9d97d66c3296ab1cada9e79493b88,2024-05-26T11:15:08.417000 +CVE-2024-5359,0,0,993866026c863d39c41ef0fed0683bdaecf821741df2c2c04854320122e62a24,2024-05-26T10:15:08.020000 +CVE-2024-5360,0,0,30efa02d25ee6c063198980620ff858dba067ccd5300536bd167fa87f0fca4d4,2024-05-26T11:15:08.130000 +CVE-2024-5361,0,0,280dd8b1dcdfeeb66eb57662955022472ed9d97d66c3296ab1cada9e79493b88,2024-05-26T11:15:08.417000 +CVE-2024-5362,1,1,1f719bf89adf193a058bcd3fb4dfa58a152e243771f45587b2586f74a3b4224b,2024-05-26T12:15:08.023000 +CVE-2024-5363,1,1,1c4b8a783a4990cc7a69f69a871e5bb0879fd479ee79b16e64da69e48dd57172,2024-05-26T12:15:08.353000 +CVE-2024-5364,1,1,e537969bdfb6345339b48b4c00a2b452e1565f0e60fd02fb6b0097d4a0eb232b,2024-05-26T13:15:08.380000 +CVE-2024-5365,1,1,70b3c437e8b7950cc163bdbadb7706ed3eced9f522fa752b27315af8ad62f703,2024-05-26T13:15:08.653000