admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-91xx/CVE-2024-9102.json
cad-safe-bot 627729c313 Auto-Update: 2025-03-02T03:00:19.570958+00:00
2025-03-02 03:03:52 +00:00

90 lines
3.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-9102",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2024-12-19T14:15:06.327",
"lastModified": "2024-12-19T14:15:06.327",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection."
},
{
"lang": "es",
"value": "phpLDAPadmin, al menos desde la versi\u00f3n 1.2.0 hasta la \u00faltima versi\u00f3n 1.2.6.7, permite a los usuarios exportar elementos del directorio LDAP a un archivo de valores separados por comas (CSV), pero no neutraliza elementos especiales que podr\u00edan interpretarse como un comando cuando un producto de hojas de c\u00e1lculo abre el archivo. Por lo tanto, esto podr\u00eda provocar una inyecci\u00f3n de f\u00f3rmula CSV."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"subAvailabilityImpact": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirement": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"availabilityRequirement": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://github.com/leenooks/phpLDAPadmin/commit/ea17aadef46fd29850160987fe7740ceed1381ad#diff-93b9f3e6d4c5bdacf469ea0ec74c1e9217ca6272da9be5a1bfd711f7da16f9e3R240",
"source": "vulnerability@ncsc.ch"
},
{
"url": "https://sourceforge.net/projects/phpldapadmin/files/phpldapadmin-php5/1.2.0",
"source": "vulnerability@ncsc.ch"
},
{
"url": "https://www.redguard.ch/blog/2024/12/19/security-advisory-phpldapadmin/",
"source": "vulnerability@ncsc.ch"
}
]
}
Reference in New Issue View Git Blame Copy Permalink