admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-17T04:00:23.898158+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-17 06:00:26 +02:00
parent fc0ed82e8a
commit f338a1bd87
3 changed files with 137 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2023/CVE-2023-26xx/CVE-2023-2608.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-2608",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-17T02:15:10.997",
"lastModified": "2023-05-17T02:15:10.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/multiple-pages-generator-by-porthas/trunk/controllers/ProjectsListManage.php#L40",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2910686%40multiple-pages-generator-by-porthas%2Ftrunk&old=2905353%40multiple-pages-generator-by-porthas%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2912909%40multiple-pages-generator-by-porthas&new=2912909%40multiple-pages-generator-by-porthas&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d900584c-0f58-4abc-92ff-841f898d02fc?source=cve",
"source": "security@wordfence.com"
}
]
}

63
CVE-2023/CVE-2023-27xx/CVE-2023-2706.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2023-2706",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-05-17T02:15:11.953",
"lastModified": "2023-05-17T02:15:11.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/mobile-login-woocommerce/tags/2.2/includes/class-xoo-ml-verification.php#L362",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2912731%40mobile-login-woocommerce&new=2912731%40mobile-login-woocommerce&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b1b7b653-496f-467a-9513-4be1891f38ae?source=cve",
"source": "security@wordfence.com"
}
]
}

33
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-17T02:00:24.593424+00:00
2023-05-17T04:00:23.898158+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-17T01:15:10.013000+00:00
2023-05-17T02:15:11.953000+00:00
```
### Last Data Feed Release
@ -29,40 +29,21 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
215504
215506
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `2`
* [CVE-2022-42336](CVE-2022/CVE-2022-423xx/CVE-2022-42336.json) (`2023-05-17T01:15:09.480`)
* [CVE-2022-45144](CVE-2022/CVE-2022-451xx/CVE-2022-45144.json) (`2023-05-17T01:15:09.660`)
* [CVE-2023-1763](CVE-2023/CVE-2023-17xx/CVE-2023-1763.json) (`2023-05-17T01:15:09.833`)
* [CVE-2023-1764](CVE-2023/CVE-2023-17xx/CVE-2023-1764.json) (`2023-05-17T01:15:09.920`)
* [CVE-2023-2528](CVE-2023/CVE-2023-25xx/CVE-2023-2528.json) (`2023-05-17T00:15:09.027`)
* [CVE-2023-25394](CVE-2023/CVE-2023-253xx/CVE-2023-25394.json) (`2023-05-17T00:15:08.967`)
* [CVE-2023-30452](CVE-2023/CVE-2023-304xx/CVE-2023-30452.json) (`2023-05-17T00:15:09.107`)
* [CVE-2023-31847](CVE-2023/CVE-2023-318xx/CVE-2023-31847.json) (`2023-05-17T01:15:10.013`)
* [CVE-2023-31848](CVE-2023/CVE-2023-318xx/CVE-2023-31848.json) (`2023-05-17T00:15:09.150`)
* [CVE-2023-2608](CVE-2023/CVE-2023-26xx/CVE-2023-2608.json) (`2023-05-17T02:15:10.997`)
* [CVE-2023-2706](CVE-2023/CVE-2023-27xx/CVE-2023-2706.json) (`2023-05-17T02:15:11.953`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `0`
* [CVE-2021-31439](CVE-2021/CVE-2021-314xx/CVE-2021-31439.json) (`2023-05-17T01:15:08.743`)
* [CVE-2022-0194](CVE-2022/CVE-2022-01xx/CVE-2022-0194.json) (`2023-05-17T01:15:08.917`)
* [CVE-2022-23121](CVE-2022/CVE-2022-231xx/CVE-2022-23121.json) (`2023-05-17T01:15:09.043`)
* [CVE-2022-23122](CVE-2022/CVE-2022-231xx/CVE-2022-23122.json) (`2023-05-17T01:15:09.140`)
* [CVE-2022-23123](CVE-2022/CVE-2022-231xx/CVE-2022-23123.json) (`2023-05-17T01:15:09.223`)
* [CVE-2022-23124](CVE-2022/CVE-2022-231xx/CVE-2022-23124.json) (`2023-05-17T01:15:09.307`)
* [CVE-2022-23125](CVE-2022/CVE-2022-231xx/CVE-2022-23125.json) (`2023-05-17T01:15:09.390`)
* [CVE-2022-43634](CVE-2022/CVE-2022-436xx/CVE-2022-43634.json) (`2023-05-17T01:15:09.557`)
* [CVE-2022-45188](CVE-2022/CVE-2022-451xx/CVE-2022-45188.json) (`2023-05-17T01:15:09.737`)
* [CVE-2023-2663](CVE-2023/CVE-2023-26xx/CVE-2023-2663.json) (`2023-05-17T00:41:53.083`)
* [CVE-2023-2664](CVE-2023/CVE-2023-26xx/CVE-2023-2664.json) (`2023-05-17T00:41:27.203`)
* [CVE-2023-31472](CVE-2023/CVE-2023-314xx/CVE-2023-31472.json) (`2023-05-17T00:31:11.087`)
## Download and Usage