Auto-Update: 2024-09-22T22:00:17.007546+00:00

2025-07-09 16:05:11 +00:00 · 2024-09-22 22:03:18 +00:00 · 2024-09-22 22:03:18 +00:00 · d48bd7be81
commit d48bd7be81
parent 23631b33d2
3 changed files with 147 additions and 5 deletions
--- a/CVE-2024/CVE-2024-90xx/CVE-2024-9086.json
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9086.json
@ -0,0 +1,141 @@
+{
+  "id": "CVE-2024-9086",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-09-22T21:15:10.813",
+  "lastModified": "2024-09-22T21:15:10.813",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"from\" to be affected. But it must be assumed that parameter \"to\" is affected as well."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://code-projects.org/",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/ppp-src/a/issues/20",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.278262",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.278262",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.411850",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-22T14:00:16.802267+00:00
+2024-09-22T22:00:17.007546+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-22T13:15:10.960000+00:00
+2024-09-22T21:15:10.813000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-263543
+263544
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `1`

- [CVE-2024-40703](CVE-2024/CVE-2024-407xx/CVE-2024-40703.json) (`2024-09-22T13:15:10.960`)
+- [CVE-2024-9086](CVE-2024/CVE-2024-90xx/CVE-2024-9086.json) (`2024-09-22T21:15:10.813`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -257279,7 +257279,7 @@ CVE-2024-4069,0,0,fc5a2986d6746eec6d2dc8871a19fd31bd3dae122b27ac5ac325372fce08ed
 CVE-2024-40690,0,0,90531c3f5bf2655a59eec8750bd49d0d616cedd303a52fde5af4cabda07abfea,2024-09-10T16:16:41.940000
 CVE-2024-40697,0,0,f856503bb71a9cc35c4f2b21ad4463650d9c9dc59f1e2e3c8f1061ecb691990a,2024-08-22T13:27:20.743000
 CVE-2024-4070,0,0,f50441c69b27e00682c793729b411e41b0ab8839510e28fbeccbd72a35bcaeb5,2024-06-04T19:20:29.567000
-CVE-2024-40703,1,1,1e4030df18c5f03a1741d9ae75e328b962242238c8781437cb3beb4bd9144177,2024-09-22T13:15:10.960000
+CVE-2024-40703,0,0,1e4030df18c5f03a1741d9ae75e328b962242238c8781437cb3beb4bd9144177,2024-09-22T13:15:10.960000
 CVE-2024-40704,0,0,3edc9bce3fb2efa51a5394090ae34392088b6a2e45c2b3fd2dca38dfa067bb31,2024-08-15T20:03:13.530000
 CVE-2024-40705,0,0,eaf406061f744f9b9d1df77f0e2bd923d25751eaa5d5e839a69fa1e668b20b9c,2024-08-15T19:57:34.780000
 CVE-2024-40709,0,0,b9cade7c7de2b7d37190896234716fcd464e3b6f075536b64a6ecace1ca81e79,2024-09-09T15:35:08.283000
@ -263542,3 +263542,4 @@ CVE-2024-9082,0,0,8c51ec3aa7c134f0a037ba432a719b3b9580e08290aa961bcc251a391e2173
 CVE-2024-9083,0,0,720ca5fe35d1d7daa80787597ec3ebb478418f6cedb268aed929720423b1d17f,2024-09-22T09:15:02.520000
 CVE-2024-9084,0,0,504c9de5ef5f6bc61c459eb4079f090a8e3c9935178f338f671194de063a4263,2024-09-22T09:15:03.047000
 CVE-2024-9085,0,0,81aa0dfb4f5019831f841378181f944eb206bbbc088679eae52e76ba4cb4ec33,2024-09-22T08:15:02.393000
+CVE-2024-9086,1,1,7e7b21b694ab62f84d3b7a86d59048c6730d56b0ceb29d59976980dcab448d4e,2024-09-22T21:15:10.813000