From d38ce573cabf3814b3236a387314e1c373091a67 Mon Sep 17 00:00:00 2001
From: cad-safe-bot <cad-safe-bot@protonmail.com>
Date: Sun, 10 Dec 2023 11:00:23 +0000
Subject: [PATCH] Auto-Update: 2023-12-10T11:00:19.594846+00:00

---
 CVE-2023/CVE-2023-66xx/CVE-2023-6648.json | 88 +++++++++++++++++++++++
 CVE-2023/CVE-2023-66xx/CVE-2023-6649.json | 88 +++++++++++++++++++++++
 README.md                                 | 11 +--
 3 files changed, 182 insertions(+), 5 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6648.json
 create mode 100644 CVE-2023/CVE-2023-66xx/CVE-2023-6649.json

diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json
new file mode 100644
index 00000000000..aaf938aeff2
--- /dev/null
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6648.json
@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-6648",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-12-10T09:15:06.913",
+  "lastModified": "2023-12-10T09:15:06.913",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 7.5
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/dhabaleshwar/niv_testing_sqliforgotpassword/blob/main/exploit.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.247341",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.247341",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6649.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6649.json
new file mode 100644
index 00000000000..889b73a5cf0
--- /dev/null
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6649.json
@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2023-6649",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2023-12-10T10:15:07.263",
+  "lastModified": "2023-12-10T10:15:07.263",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input <script>alert(5)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 10.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/tsas-reflected-xss.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.247342",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.247342",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 04536cd7c83..2125cf8cf46 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2023-12-10T09:00:19.931463+00:00
+2023-12-10T11:00:19.594846+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2023-12-10T07:15:44.100000+00:00
+2023-12-10T10:15:07.263000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,14 +29,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-232672
+232674
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `2`
 
-* [CVE-2023-6647](CVE-2023/CVE-2023-66xx/CVE-2023-6647.json) (`2023-12-10T07:15:44.100`)
+* [CVE-2023-6648](CVE-2023/CVE-2023-66xx/CVE-2023-6648.json) (`2023-12-10T09:15:06.913`)
+* [CVE-2023-6649](CVE-2023/CVE-2023-66xx/CVE-2023-6649.json) (`2023-12-10T10:15:07.263`)
 
 
 ### CVEs modified in the last Commit