diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13023.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13023.json new file mode 100644 index 00000000000..a9b46d440df --- /dev/null +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13023.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13023", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-29T21:15:06.020", + "lastModified": "2024-12-29T21:15:06.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289714", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289714", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.470461", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13024.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13024.json new file mode 100644 index 00000000000..9cf897ee0aa --- /dev/null +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13024.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13024", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-29T21:15:06.220", + "lastModified": "2024-12-29T21:15:06.220", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/isRainy/VULDB/blob/main/Blood_Bank_Management_System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289715", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289715", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471038", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 663d93d56d4..07034e06114 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-29T21:00:18.943003+00:00 +2024-12-29T23:00:19.777358+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-29T20:15:05.980000+00:00 +2024-12-29T21:15:06.220000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275140 +275142 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-13019](CVE-2024/CVE-2024-130xx/CVE-2024-13019.json) (`2024-12-29T19:15:06.097`) -- [CVE-2024-13020](CVE-2024/CVE-2024-130xx/CVE-2024-13020.json) (`2024-12-29T19:15:07.273`) -- [CVE-2024-13021](CVE-2024/CVE-2024-130xx/CVE-2024-13021.json) (`2024-12-29T20:15:05.043`) -- [CVE-2024-13022](CVE-2024/CVE-2024-130xx/CVE-2024-13022.json) (`2024-12-29T20:15:05.980`) +- [CVE-2024-13023](CVE-2024/CVE-2024-130xx/CVE-2024-13023.json) (`2024-12-29T21:15:06.020`) +- [CVE-2024-13024](CVE-2024/CVE-2024-130xx/CVE-2024-13024.json) (`2024-12-29T21:15:06.220`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 4b41d02b5a4..3f5506ebee3 100644 --- a/_state.csv +++ b/_state.csv @@ -245248,11 +245248,13 @@ CVE-2024-13015,0,0,3dcd014dbef30b2e70ec20ccecdaaf615115de618369fe62c340a42e4d8d8 CVE-2024-13016,0,0,b67ea70e64cef9d4f2f5d631157f934916ce9c950363c714e96ab8c161eaacc5,2024-12-29T16:15:05.300000 CVE-2024-13017,0,0,406d1ed5cbe2575a1a54010aafe73d57848810b7f6f5e6c2e0a9b1cec549270f,2024-12-29T17:15:05.873000 CVE-2024-13018,0,0,083b5e4e2fa86246983f0fd476b84784f9dac25dcba6ed963c92124634ebb897,2024-12-29T18:15:05.027000 -CVE-2024-13019,1,1,618d68837dff8847c83ac8da5f6bf61151a37eacb8552c1b36b157fc0963ce39,2024-12-29T19:15:06.097000 +CVE-2024-13019,0,0,618d68837dff8847c83ac8da5f6bf61151a37eacb8552c1b36b157fc0963ce39,2024-12-29T19:15:06.097000 CVE-2024-1302,0,0,50e21539c22b43b4db748f33a4680786d0cd3b39c9a7a5fc858bc75c33660782,2024-11-21T08:50:16.467000 -CVE-2024-13020,1,1,2916e522cf2b8d14142afa8629cb0d2116b3867d136a09d1c87f4d9b5a62f928,2024-12-29T19:15:07.273000 -CVE-2024-13021,1,1,521ad71af2c0629838bea435a2fcdf80dc49a418cbb2c1adaa365efc2f54aa2c,2024-12-29T20:15:05.043000 -CVE-2024-13022,1,1,31946f46234a2f885529fc55fb9df522feaa7112e2244bd255db91f99134c814,2024-12-29T20:15:05.980000 +CVE-2024-13020,0,0,2916e522cf2b8d14142afa8629cb0d2116b3867d136a09d1c87f4d9b5a62f928,2024-12-29T19:15:07.273000 +CVE-2024-13021,0,0,521ad71af2c0629838bea435a2fcdf80dc49a418cbb2c1adaa365efc2f54aa2c,2024-12-29T20:15:05.043000 +CVE-2024-13022,0,0,31946f46234a2f885529fc55fb9df522feaa7112e2244bd255db91f99134c814,2024-12-29T20:15:05.980000 +CVE-2024-13023,1,1,a6002ae756a126843e0244f11dec8062c69ff459b14d4771d8dead00e17d6b47,2024-12-29T21:15:06.020000 +CVE-2024-13024,1,1,e340e51a3df794ede6df3c6be7e441d083b7ba4e9dc9e86eed36ca28aec27427,2024-12-29T21:15:06.220000 CVE-2024-1303,0,0,922ad92b627c1129d744b1f80cb5c88d28598a22649a8dddf52c9956281bb86f,2024-11-21T08:50:16.593000 CVE-2024-1304,0,0,7f3d377d10786bd7b29e3437adfa1f791151a43db698785def3901d685804d14,2024-11-21T08:50:16.717000 CVE-2024-1305,0,0,61bd2e20ff0aa394ece1e84d5d848dafdcba1e6f1c6375393ac194bd0f52a153,2024-11-21T08:50:16.840000