Skip to content

Commit

Permalink
2 changes (1 new | 1 updated):
Browse files Browse the repository at this point in the history 
      - 1 new CVEs:  CVE-2024-11646
      - 1 updated CVEs: CVE-2024-9341
  • Loading branch information
cvelistV5 Github Action committed Nov 24, 2024
1 parent bf0cb52 commit 33fb892
Show file tree
Hide file tree
Showing 4 changed files with 203 additions and 26 deletions.
162 changes: 162 additions & 0 deletions cves/2024/11xxx/CVE-2024-11646.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,162 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-11646",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2024-11-24T15:01:29.392Z",
"datePublished": "2024-11-24T23:31:04.333Z",
"dateUpdated": "2024-11-24T23:31:04.333Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2024-11-24T23:31:04.333Z"
},
"title": "1000 Projects Beauty Parlour Management System edit-services.php sql injection",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-89",
"lang": "en",
"description": "SQL Injection"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-74",
"lang": "en",
"description": "Injection"
}
]
}
],
"affected": [
{
"vendor": "1000 Projects",
"product": "Beauty Parlour Management System",
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In 1000 Projects Beauty Parlour Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /admin/edit-services.php. Dank der Manipulation des Arguments sername mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 6.9,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
}
],
"timeline": [
{
"time": "2024-11-24T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2024-11-24T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2024-11-24T16:06:44.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "polaris0x1 (VulDB User)",
"type": "reporter"
}
],
"references": [
{
"url": "https://vuldb.com/?id.285967",
"name": "VDB-285967 | 1000 Projects Beauty Parlour Management System edit-services.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.285967",
"name": "VDB-285967 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.446575",
"name": "Submit #446575 | 1000 Projects Beauty Parlour Management System PHP SQLite Project V1.0 SQL Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/ppp-src/CVE/issues/33",
"tags": [
"exploit",
"issue-tracking"
]
},
{
"url": "https://1000projects.org/",
"tags": [
"product"
]
}
]
}
}
}
20 changes: 10 additions & 10 deletions cves/2024/9xxx/CVE-2024-9341.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "redhat",
"dateReserved": "2024-09-30T15:19:22.496Z",
"datePublished": "2024-10-01T18:52:00.686Z",
"dateUpdated": "2024-11-24T18:53:33.394Z"
"dateUpdated": "2024-11-24T23:31:47.257Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -153,9 +153,9 @@
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8",
"cpe:/a:redhat:openshift_ironic:4.12::el9",
"cpe:/a:redhat:openshift:4.12::el9",
"cpe:/a:redhat:openshift_ironic:4.12::el9"
"cpe:/a:redhat:openshift:4.12::el8"
]
},
{
Expand All @@ -173,8 +173,8 @@
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.13::el8",
"cpe:/a:redhat:openshift:4.13::el9"
"cpe:/a:redhat:openshift:4.13::el9",
"cpe:/a:redhat:openshift:4.13::el8"
]
},
{
Expand Down Expand Up @@ -211,8 +211,8 @@
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
"cpe:/a:redhat:openshift:4.15::el9",
"cpe:/a:redhat:openshift:4.15::el8"
]
},
{
Expand All @@ -230,8 +230,8 @@
}
],
"cpes": [
"cpe:/a:redhat:openshift:4.16::el8",
"cpe:/a:redhat:openshift:4.16::el9"
"cpe:/a:redhat:openshift:4.16::el9",
"cpe:/a:redhat:openshift:4.16::el8"
]
},
{
Expand Down Expand Up @@ -436,7 +436,7 @@
"providerMetadata": {
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat",
"dateUpdated": "2024-11-24T18:53:33.394Z"
"dateUpdated": "2024-11-24T23:31:47.257Z"
}
},
"adp": [
Expand Down
26 changes: 10 additions & 16 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,26 +1,20 @@
{
"fetchTime": "2024-11-24T23:27:17.933Z",
"numberOfChanges": 3,
"fetchTime": "2024-11-24T23:35:44.628Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-53916",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-53916",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/53xxx/CVE-2024-53916.json",
"dateUpdated": "2024-11-24T23:18:04.241308"
"cveId": "CVE-2024-11646",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11646",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11646.json",
"dateUpdated": "2024-11-24T23:31:04.333Z"
}
],
"updated": [
{
"cveId": "CVE-2024-11665",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11665",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11665.json",
"dateUpdated": "2024-11-24T23:18:51.581Z"
},
{
"cveId": "CVE-2024-11666",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11666",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11666.json",
"dateUpdated": "2024-11-24T23:19:03.796Z"
"cveId": "CVE-2024-9341",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9341",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9341.json",
"dateUpdated": "2024-11-24T23:31:47.257Z"
}
],
"error": []
Expand Down
21 changes: 21 additions & 0 deletions cves/deltaLog.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,25 @@
[
{
"fetchTime": "2024-11-24T23:35:44.628Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-11646",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-11646",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/11xxx/CVE-2024-11646.json",
"dateUpdated": "2024-11-24T23:31:04.333Z"
}
],
"updated": [
{
"cveId": "CVE-2024-9341",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-9341",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/9xxx/CVE-2024-9341.json",
"dateUpdated": "2024-11-24T23:31:47.257Z"
}
],
"error": []
},
{
"fetchTime": "2024-11-24T23:27:17.933Z",
"numberOfChanges": 3,
Expand Down

0 comments on commit 33fb892

Please sign in to comment.