diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9316.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9316.json new file mode 100644 index 00000000000..a6a4653e055 --- /dev/null +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9316.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-9316", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-28T20:15:02.280", + "lastModified": "2024-09-28T20:15:02.280", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/cookie5201314/CVE/blob/main/sql2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.278820", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.278820", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.412584", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9317.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9317.json new file mode 100644 index 00000000000..45561dd2419 --- /dev/null +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9317.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-9317", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-09-28T21:15:10.783", + "lastModified": "2024-09-28T21:15:10.783", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is the function delete_category of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/o0wll/cve/blob/main/sql.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.278821", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.278821", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.412748", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index fc221bf54ba..9ecc1049380 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-28T20:00:17.588846+00:00 +2024-09-28T22:00:17.441432+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-28T19:15:12.353000+00:00 +2024-09-28T21:15:10.783000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -264096 +264098 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-9315](CVE-2024/CVE-2024-93xx/CVE-2024-9315.json) (`2024-09-28T19:15:12.353`) +- [CVE-2024-9316](CVE-2024/CVE-2024-93xx/CVE-2024-9316.json) (`2024-09-28T20:15:02.280`) +- [CVE-2024-9317](CVE-2024/CVE-2024-93xx/CVE-2024-9317.json) (`2024-09-28T21:15:10.783`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2023-32824](CVE-2023/CVE-2023-328xx/CVE-2023-32824.json) (`2024-09-28T18:35:00.510`) -- [CVE-2024-42025](CVE-2024/CVE-2024-420xx/CVE-2024-42025.json) (`2024-09-28T18:35:02.277`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 029fd9a6e35..cd45fe671c4 100644 --- a/_state.csv +++ b/_state.csv @@ -224852,7 +224852,7 @@ CVE-2023-32820,0,0,c5b1a9492bae196afe19ae41b308e37d000eda1ca8589b7aaeb0da7b947ce CVE-2023-32821,0,0,d176157872121eed2781e61209c337e329a2c1fa5d013d18550ee5b088b97e72,2023-10-03T01:10:44.100000 CVE-2023-32822,0,0,5eccf998d870e20487d82fbae50692e0f2b834c9094bb8239ca96608937b0a41,2024-09-23T16:35:06.840000 CVE-2023-32823,0,0,c79648285cd024da0167d35d31f954a812139b3a880cd127a35a6b9daa0e4605,2024-09-23T16:35:07.743000 -CVE-2023-32824,0,1,6915ede2fa5bbcae480ab3f17c56d059e5ed4808bf71135dbcfc79451d8e3b0e,2024-09-28T18:35:00.510000 +CVE-2023-32824,0,0,6915ede2fa5bbcae480ab3f17c56d059e5ed4808bf71135dbcfc79451d8e3b0e,2024-09-28T18:35:00.510000 CVE-2023-32825,0,0,4d951244a3034e7e148d958c4fde86bb8e3198d5c4adad847f95bad235aed891,2023-11-13T18:51:48.043000 CVE-2023-32826,0,0,16c6cd1f14a315c0a20ae139a1ad19f2ce5feaa9b72eb7e640c67ad6da2f2ed6,2024-09-21T16:35:03.330000 CVE-2023-32827,0,0,ef41d0f2c1c5cfc16ed9ec7554b5e76f64c7725bdc1ef4e38829af2a10e7b4ea,2024-09-21T16:35:04.183000 @@ -258252,7 +258252,7 @@ CVE-2024-42021,0,0,92fcf0a329a30077e7207f0242d35213efc1d1dd2f8104ea65b7c53bf17c0 CVE-2024-42022,0,0,9cf24962f372bb813f8c933991a85f958eb86110c2be996c8eb09086ce39756e,2024-09-09T15:35:09.917000 CVE-2024-42023,0,0,53353d8a90b9dac8026225178af7324a7ea88240793050bf3d93683b0cc8146b,2024-09-09T14:35:05.330000 CVE-2024-42024,0,0,eea273d7d39998984ace805bb73fbe19d77f000a62e0385bbb38378893265667,2024-09-09T14:35:06.053000 -CVE-2024-42025,0,1,8c1d228ed90571100df9823974eb0ba9e627f86789cc232c3042885df4b8d2fe,2024-09-28T18:35:02.277000 +CVE-2024-42025,0,0,8c1d228ed90571100df9823974eb0ba9e627f86789cc232c3042885df4b8d2fe,2024-09-28T18:35:02.277000 CVE-2024-42029,0,0,b7c83a25bc8a9601f6f3c6ebb603ce94146556b10d1f548176b0b38619ce3b21,2024-08-01T13:59:17.407000 CVE-2024-4203,0,0,52cf8a9be62388459acdc9c8c655685172127a00eca72ac9344c4d8920cfc78f,2024-05-02T18:00:37.360000 CVE-2024-42030,0,0,59fa56f47f76e92b6c6c6a3fdcb37d68b092a6ac90822c136b288bb49e8250df,2024-08-20T16:55:16.100000 @@ -264094,4 +264094,6 @@ CVE-2024-9298,0,0,2f4e6c82eec176574620d4340a003c33a2c20e43e1eb64c4140e5caefaeeb5 CVE-2024-9299,0,0,799e3f49439baf2432b26834e94671a2c07ca8bcc110298b74e6fbc73a1e5279,2024-09-28T14:15:02.540000 CVE-2024-9300,0,0,4aee81e48dbe8631e425ca1253bf1fefcd0e37e8736692eb326116d6964fe2c0,2024-09-28T15:15:14.263000 CVE-2024-9301,0,0,f7d62ae99cd0d6877c5db63fcb4f2c0f8f043fbb8339f25415912b7f29acecf1,2024-09-27T18:15:06.163000 -CVE-2024-9315,1,1,1aaf0b25bc5db159a5983cc16616c1ec4eda1359782a55e5468dbd7b3fd618c0,2024-09-28T19:15:12.353000 +CVE-2024-9315,0,0,1aaf0b25bc5db159a5983cc16616c1ec4eda1359782a55e5468dbd7b3fd618c0,2024-09-28T19:15:12.353000 +CVE-2024-9316,1,1,885b5aadb6325a477167b023e058998d0e537cb489dccafe50b89208946e54a4,2024-09-28T20:15:02.280000 +CVE-2024-9317,1,1,690e444ec011bf1361fdd2bbc9cdec3497358092c2cc8cdf0f08f746b48adc8b,2024-09-28T21:15:10.783000