-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 1 new CVEs: CVE-2024-12895 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Dec 22, 2024
1 parent
c1ae91b
commit 45cf169
Showing
3 changed files
with
167 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"dataVersion": "5.1", | ||
"cveMetadata": { | ||
"cveId": "CVE-2024-12895", | ||
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
"state": "PUBLISHED", | ||
"assignerShortName": "VulDB", | ||
"dateReserved": "2024-12-21T20:17:17.287Z", | ||
"datePublished": "2024-12-22T14:00:13.671Z", | ||
"dateUpdated": "2024-12-22T14:00:13.671Z" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
"shortName": "VulDB", | ||
"dateUpdated": "2024-12-22T14:00:13.671Z" | ||
}, | ||
"title": "TreasureHuntGame TreasureHunt checkflag.php console_log sql injection", | ||
"problemTypes": [ | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "CWE", | ||
"cweId": "CWE-89", | ||
"lang": "en", | ||
"description": "SQL Injection" | ||
} | ||
] | ||
}, | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "CWE", | ||
"cweId": "CWE-74", | ||
"lang": "en", | ||
"description": "Injection" | ||
} | ||
] | ||
} | ||
], | ||
"affected": [ | ||
{ | ||
"vendor": "TreasureHuntGame", | ||
"product": "TreasureHunt", | ||
"versions": [ | ||
{ | ||
"version": "963e0e0", | ||
"status": "affected" | ||
} | ||
] | ||
} | ||
], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue." | ||
}, | ||
{ | ||
"lang": "de", | ||
"value": "In TreasureHuntGame TreasureHunt bis 963e0e0 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um die Funktion console_log der Datei TreasureHunt/checkflag.php. Durch Manipulieren des Arguments problema mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Patch wird als 8bcc649abc35b7734951be084bb522a532faac4e bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen." | ||
} | ||
], | ||
"metrics": [ | ||
{ | ||
"cvssV4_0": { | ||
"version": "4.0", | ||
"baseScore": 5.3, | ||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
"baseSeverity": "MEDIUM" | ||
} | ||
}, | ||
{ | ||
"cvssV3_1": { | ||
"version": "3.1", | ||
"baseScore": 6.3, | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
"baseSeverity": "MEDIUM" | ||
} | ||
}, | ||
{ | ||
"cvssV3_0": { | ||
"version": "3.0", | ||
"baseScore": 6.3, | ||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
"baseSeverity": "MEDIUM" | ||
} | ||
}, | ||
{ | ||
"cvssV2_0": { | ||
"version": "2.0", | ||
"baseScore": 6.5, | ||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" | ||
} | ||
} | ||
], | ||
"timeline": [ | ||
{ | ||
"time": "2024-12-21T00:00:00.000Z", | ||
"lang": "en", | ||
"value": "Advisory disclosed" | ||
}, | ||
{ | ||
"time": "2024-12-21T01:00:00.000Z", | ||
"lang": "en", | ||
"value": "VulDB entry created" | ||
}, | ||
{ | ||
"time": "2024-12-21T21:22:24.000Z", | ||
"lang": "en", | ||
"value": "VulDB entry last update" | ||
} | ||
], | ||
"credits": [ | ||
{ | ||
"lang": "en", | ||
"value": "VulDB GitHub Commit Analyzer", | ||
"type": "tool" | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://vuldb.com/?id.289165", | ||
"name": "VDB-289165 | TreasureHuntGame TreasureHunt checkflag.php console_log sql injection", | ||
"tags": [ | ||
"vdb-entry", | ||
"technical-description" | ||
] | ||
}, | ||
{ | ||
"url": "https://vuldb.com/?ctiid.289165", | ||
"name": "VDB-289165 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
"tags": [ | ||
"signature", | ||
"permissions-required" | ||
] | ||
}, | ||
{ | ||
"url": "https://github.com/TreasureHuntGame/TreasureHunt/commit/8bcc649abc35b7734951be084bb522a532faac4e", | ||
"tags": [ | ||
"patch" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters