From d48bd7be8188382d22e917df8556427cde26a72e Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 22 Sep 2024 22:03:18 +0000
Subject: [PATCH] Auto-Update: 2024-09-22T22:00:17.007546+00:00
---
 CVE-2024/CVE-2024-90xx/CVE-2024-9086.json | 141 ++++++++++++++++++++++
 README.md | 8 +-
 _state.csv | 3 +-
 3 files changed, 147 insertions(+), 5 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-90xx/CVE-2024-9086.json
diff --git a/CVE-2024/CVE-2024-90xx/CVE-2024-9086.json b/CVE-2024/CVE-2024-90xx/CVE-2024-9086.json
new file mode 100644
index 00000000000..861af6eb4bd
--- /dev/null
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9086.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-9086", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-22T21:15:10.813", + "lastModified": "2024-09-22T21:15:10.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"from\" to be affected. But it must be assumed that parameter \"to\" is affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/ppp-src/a/issues/20", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.278262", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.278262", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.411850", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1643e612126..99d28414d45 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-22T14:00:16.802267+00:00 +2024-09-22T22:00:17.007546+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-22T13:15:10.960000+00:00 +2024-09-22T21:15:10.813000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -263543 +263544 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-40703](CVE-2024/CVE-2024-407xx/CVE-2024-40703.json) (`2024-09-22T13:15:10.960`) +- [CVE-2024-9086](CVE-2024/CVE-2024-90xx/CVE-2024-9086.json) (`2024-09-22T21:15:10.813`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index dbd86b673cf..3bbe8df6bd9 100644 --- a/_state.csv +++ b/_state.csv 
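Review bot: The description in the new CVE-2024-9086.json calls the issue "classified as critical", but every `baseSeverity` in the record is `MEDIUM` (5.3 under CVSS 4.0, 6.3 under 3.1, 6.5 under 2.0), so a consumer that triages on the free-text wording will rank it differently from one that reads the metrics. All three metric entries have `"source": "cna@vuldb.com"` and `"type": "Secondary"`, and `vulnStatus` is `Received`, which suggests these are the CNA's own scores and the record has not yet been through NVD analysis. The file also has no `configurations` block, so CPE-based matching will presumably not pick it up yet. Since the JSON is a mirrored record and cannot carry comments, the caveat belongs in README.md, for example `Records with vulnStatus "Received" carry only CNA-supplied scores; severity wording in descriptions may not match baseSeverity.`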
@@ -257279,7 +257279,7 @@ CVE-2024-4069,0,0,fc5a2986d6746eec6d2dc8871a19fd31bd3dae122b27ac5ac325372fce08ed CVE-2024-40690,0,0,90531c3f5bf2655a59eec8750bd49d0d616cedd303a52fde5af4cabda07abfea,2024-09-10T16:16:41.940000 CVE-2024-40697,0,0,f856503bb71a9cc35c4f2b21ad4463650d9c9dc59f1e2e3c8f1061ecb691990a,2024-08-22T13:27:20.743000 CVE-2024-4070,0,0,f50441c69b27e00682c793729b411e41b0ab8839510e28fbeccbd72a35bcaeb5,2024-06-04T19:20:29.567000 -CVE-2024-40703,1,1,1e4030df18c5f03a1741d9ae75e328b962242238c8781437cb3beb4bd9144177,2024-09-22T13:15:10.960000 +CVE-2024-40703,0,0,1e4030df18c5f03a1741d9ae75e328b962242238c8781437cb3beb4bd9144177,2024-09-22T13:15:10.960000 CVE-2024-40704,0,0,3edc9bce3fb2efa51a5394090ae34392088b6a2e45c2b3fd2dca38dfa067bb31,2024-08-15T20:03:13.530000 CVE-2024-40705,0,0,eaf406061f744f9b9d1df77f0e2bd923d25751eaa5d5e839a69fa1e668b20b9c,2024-08-15T19:57:34.780000 CVE-2024-40709,0,0,b9cade7c7de2b7d37190896234716fcd464e3b6f075536b64a6ecace1ca81e79,2024-09-09T15:35:08.283000 @@ -263542,3 +263542,4 @@ CVE-2024-9082,0,0,8c51ec3aa7c134f0a037ba432a719b3b9580e08290aa961bcc251a391e2173 CVE-2024-9083,0,0,720ca5fe35d1d7daa80787597ec3ebb478418f6cedb268aed929720423b1d17f,2024-09-22T09:15:02.520000 CVE-2024-9084,0,0,504c9de5ef5f6bc61c459eb4079f090a8e3c9935178f338f671194de063a4263,2024-09-22T09:15:03.047000 CVE-2024-9085,0,0,81aa0dfb4f5019831f841378181f944eb206bbbc088679eae52e76ba4cb4ec33,2024-09-22T08:15:02.393000 +CVE-2024-9086,1,1,7e7b21b694ab62f84d3b7a86d59048c6730d56b0ceb29d59976980dcab448d4e,2024-09-22T21:15:10.813000