Auto-Update: 2025-01-06T03:00:31.714138+00:00

2025-05-08 03:27:17 +00:00 · 2025-01-06 03:03:58 +00:00 · 2025-01-06 03:03:58 +00:00 · ffc26f1f6a
commit ffc26f1f6a
parent f33e4da06c
3 changed files with 156 additions and 13 deletions
--- a/CVE-2024/CVE-2024-131xx/CVE-2024-13145.json
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13145.json
@ -0,0 +1,145 @@
+{
+  "id": "CVE-2024-13145",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2025-01-06T01:15:06.253",
+  "lastModified": "2025-01-06T01:15:06.253",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/ZHENFENG13/My-Blog/issues/141",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/ZHENFENG13/My-Blog/issues/141#issue-2759820153",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.290233",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.290233",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.469221",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2025-01-06T00:55:19.769820+00:00
+2025-01-06T03:00:31.714138+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2025-01-06T00:15:05.633000+00:00
+2025-01-06T01:15:06.253000+00:00
 ```

 ### Last Data Feed Release
@ -27,23 +27,20 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2025-01-05T01:00:04.376575+00:00
+2025-01-06T01:00:04.358115+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-275747
+275748
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `1`

- [CVE-2024-13142](CVE-2024/CVE-2024-131xx/CVE-2024-13142.json) (`2025-01-05T23:15:06.467`)
- [CVE-2024-13143](CVE-2024/CVE-2024-131xx/CVE-2024-13143.json) (`2025-01-06T00:15:05.460`)
- [CVE-2024-13144](CVE-2024/CVE-2024-131xx/CVE-2024-13144.json) (`2025-01-06T00:15:05.633`)
- [CVE-2025-0233](CVE-2025/CVE-2025-02xx/CVE-2025-0233.json) (`2025-01-05T23:15:07.320`)
+- [CVE-2024-13145](CVE-2024/CVE-2024-131xx/CVE-2024-13145.json) (`2025-01-06T01:15:06.253`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -245459,9 +245459,10 @@ CVE-2024-13138,0,0,3a3b18ed00598e7695cbde7f87e909bb594ffa902be1c82ea14d41c8c6711
 CVE-2024-13139,0,0,c1ed4a968ae444af8bf29c392f5a432bc37c326640c8ea7589aed59510006f8d,2025-01-05T11:15:07.247000
 CVE-2024-13140,0,0,280859b2e6d3787ec54aea9421ce7df191d758da1d1e75404cd2a48e4ec661e3,2025-01-05T12:15:05.473000
 CVE-2024-13141,0,0,d5aafc5c2992d7fd196249b8402b4122a413e79572fd119e168213fe09269a6a,2025-01-05T15:15:17.257000
-CVE-2024-13142,1,1,6528e6e437f3189459fe285c1e2c55ac5a019c331ae6dbee4c3df3b7145731b6,2025-01-05T23:15:06.467000
-CVE-2024-13143,1,1,c2afc4876e46cd380fd1d10a980312da4d2e603db0d42920d20cd1d81d1bf391,2025-01-06T00:15:05.460000
-CVE-2024-13144,1,1,bc673dcb37833b727fc98157fce26807cef4c158cb3987428cbd5bd61bbe52b2,2025-01-06T00:15:05.633000
+CVE-2024-13142,0,0,6528e6e437f3189459fe285c1e2c55ac5a019c331ae6dbee4c3df3b7145731b6,2025-01-05T23:15:06.467000
+CVE-2024-13143,0,0,c2afc4876e46cd380fd1d10a980312da4d2e603db0d42920d20cd1d81d1bf391,2025-01-06T00:15:05.460000
+CVE-2024-13144,0,0,bc673dcb37833b727fc98157fce26807cef4c158cb3987428cbd5bd61bbe52b2,2025-01-06T00:15:05.633000
+CVE-2024-13145,1,1,5293851792dc3cb6491b0cda78aca9c898b2b603a3534d53245e0430e746e1ed,2025-01-06T01:15:06.253000
 CVE-2024-1315,0,0,e1f16e3b2be06db6b65befc45bb21c6efb290182d3477c01a71033b0effe0c2a,2024-11-21T08:50:18.373000
 CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000
 CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000
@ -275732,7 +275733,7 @@ CVE-2025-0229,0,0,733cbb695588f6a25d8cc517b82298be2972e628f3d2d85a6ad5987d6d498c
 CVE-2025-0230,0,0,da56c380fbd78e0c1f33c2e3a59c91c27f8ad01a46dc235a12db28093892eebe,2025-01-05T21:15:06.267000
 CVE-2025-0231,0,0,73ba5b334ad5db7bd7f18e0277fa8cbe48a99916bc557dd1170e5fb52d78d868,2025-01-05T22:15:05.540000
 CVE-2025-0232,0,0,bbb1f8dd03cca1cfde501a9cda5da15f541da213c05bfee0e291ed634d921d4c,2025-01-05T22:15:05.767000
-CVE-2025-0233,1,1,5ed4a33582b9d256ec10fa7176aad6ab5c25b941c467fc43ba8899ab1d384b8a,2025-01-05T23:15:07.320000
+CVE-2025-0233,0,0,5ed4a33582b9d256ec10fa7176aad6ab5c25b941c467fc43ba8899ab1d384b8a,2025-01-05T23:15:07.320000
 CVE-2025-21609,0,0,46e3af17bfffe98fbaec33d01272d23877fbd06c6cc0e4a79625fd3beabb7e1e,2025-01-03T17:15:09.147000
 CVE-2025-21610,0,0,803b1c12bbaab2c87bcfc5865cced8b68fa26746eb8c056e6bba01e1200224ac,2025-01-03T17:15:09.290000
 CVE-2025-22214,0,0,9f9cbba758088c6fe54f3b7aba457fa8b68f7e0bf397744585451dc526c7cea3,2025-01-02T04:15:06.277000