-
Notifications
You must be signed in to change notification settings - Fork 201
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 2 new CVEs: CVE-2024-12187, CVE-2024-12188 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Dec 5, 2024
1 parent
e1afbe9
commit e46a89f
Showing
4 changed files
with
354 additions
and
55 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,162 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"dataVersion": "5.1", | ||
"cveMetadata": { | ||
"cveId": "CVE-2024-12187", | ||
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
"state": "PUBLISHED", | ||
"assignerShortName": "VulDB", | ||
"dateReserved": "2024-12-04T16:41:49.442Z", | ||
"datePublished": "2024-12-05T00:00:16.351Z", | ||
"dateUpdated": "2024-12-05T00:00:16.351Z" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
"shortName": "VulDB", | ||
"dateUpdated": "2024-12-05T00:00:16.351Z" | ||
}, | ||
"title": "1000 Projects Library Management System showbook.php sql injection", | ||
"problemTypes": [ | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "CWE", | ||
"cweId": "CWE-89", | ||
"lang": "en", | ||
"description": "SQL Injection" | ||
} | ||
] | ||
}, | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "CWE", | ||
"cweId": "CWE-74", | ||
"lang": "en", | ||
"description": "Injection" | ||
} | ||
] | ||
} | ||
], | ||
"affected": [ | ||
{ | ||
"vendor": "1000 Projects", | ||
"product": "Library Management System", | ||
"versions": [ | ||
{ | ||
"version": "1.0", | ||
"status": "affected" | ||
} | ||
] | ||
} | ||
], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." | ||
}, | ||
{ | ||
"lang": "de", | ||
"value": "Es wurde eine kritische Schwachstelle in 1000 Projects Library Management System 1.0 ausgemacht. Dabei betrifft es einen unbekannter Codeteil der Datei /showbook.php. Mittels Manipulieren des Arguments q mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." | ||
} | ||
], | ||
"metrics": [ | ||
{ | ||
"cvssV4_0": { | ||
"version": "4.0", | ||
"baseScore": 6.9, | ||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
"baseSeverity": "MEDIUM" | ||
} | ||
}, | ||
{ | ||
"cvssV3_1": { | ||
"version": "3.1", | ||
"baseScore": 7.3, | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
"baseSeverity": "HIGH" | ||
} | ||
}, | ||
{ | ||
"cvssV3_0": { | ||
"version": "3.0", | ||
"baseScore": 7.3, | ||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
"baseSeverity": "HIGH" | ||
} | ||
}, | ||
{ | ||
"cvssV2_0": { | ||
"version": "2.0", | ||
"baseScore": 7.5, | ||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" | ||
} | ||
} | ||
], | ||
"timeline": [ | ||
{ | ||
"time": "2024-12-04T00:00:00.000Z", | ||
"lang": "en", | ||
"value": "Advisory disclosed" | ||
}, | ||
{ | ||
"time": "2024-12-04T01:00:00.000Z", | ||
"lang": "en", | ||
"value": "VulDB entry created" | ||
}, | ||
{ | ||
"time": "2024-12-04T17:46:57.000Z", | ||
"lang": "en", | ||
"value": "VulDB entry last update" | ||
} | ||
], | ||
"credits": [ | ||
{ | ||
"lang": "en", | ||
"value": "punnyhunter (VulDB User)", | ||
"type": "reporter" | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://vuldb.com/?id.286908", | ||
"name": "VDB-286908 | 1000 Projects Library Management System showbook.php sql injection", | ||
"tags": [ | ||
"vdb-entry", | ||
"technical-description" | ||
] | ||
}, | ||
{ | ||
"url": "https://vuldb.com/?ctiid.286908", | ||
"name": "VDB-286908 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
"tags": [ | ||
"signature", | ||
"permissions-required" | ||
] | ||
}, | ||
{ | ||
"url": "https://vuldb.com/?submit.455058", | ||
"name": "Submit #455058 | 1000 Projects Library Management System BCA 4th Semester Minor Project using SQL and PHP V1.0 SQL Injection", | ||
"tags": [ | ||
"third-party-advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https://github.com/PunyHunter/CVE/issues/1", | ||
"tags": [ | ||
"exploit", | ||
"issue-tracking" | ||
] | ||
}, | ||
{ | ||
"url": "https://1000projects.org/", | ||
"tags": [ | ||
"product" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,162 @@ | ||
{ | ||
"dataType": "CVE_RECORD", | ||
"dataVersion": "5.1", | ||
"cveMetadata": { | ||
"cveId": "CVE-2024-12188", | ||
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
"state": "PUBLISHED", | ||
"assignerShortName": "VulDB", | ||
"dateReserved": "2024-12-04T16:41:52.170Z", | ||
"datePublished": "2024-12-05T00:00:18.278Z", | ||
"dateUpdated": "2024-12-05T00:00:18.278Z" | ||
}, | ||
"containers": { | ||
"cna": { | ||
"providerMetadata": { | ||
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
"shortName": "VulDB", | ||
"dateUpdated": "2024-12-05T00:00:18.278Z" | ||
}, | ||
"title": "1000 Projects Library Management System stu.php sql injection", | ||
"problemTypes": [ | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "CWE", | ||
"cweId": "CWE-89", | ||
"lang": "en", | ||
"description": "SQL Injection" | ||
} | ||
] | ||
}, | ||
{ | ||
"descriptions": [ | ||
{ | ||
"type": "CWE", | ||
"cweId": "CWE-74", | ||
"lang": "en", | ||
"description": "Injection" | ||
} | ||
] | ||
} | ||
], | ||
"affected": [ | ||
{ | ||
"vendor": "1000 Projects", | ||
"product": "Library Management System", | ||
"versions": [ | ||
{ | ||
"version": "1.0", | ||
"status": "affected" | ||
} | ||
] | ||
} | ||
], | ||
"descriptions": [ | ||
{ | ||
"lang": "en", | ||
"value": "A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." | ||
}, | ||
{ | ||
"lang": "de", | ||
"value": "In 1000 Projects Library Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Hierbei betrifft es unbekannten Programmcode der Datei /brains/stu.php. Durch das Manipulieren des Arguments useri mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung." | ||
} | ||
], | ||
"metrics": [ | ||
{ | ||
"cvssV4_0": { | ||
"version": "4.0", | ||
"baseScore": 6.9, | ||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
"baseSeverity": "MEDIUM" | ||
} | ||
}, | ||
{ | ||
"cvssV3_1": { | ||
"version": "3.1", | ||
"baseScore": 7.3, | ||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
"baseSeverity": "HIGH" | ||
} | ||
}, | ||
{ | ||
"cvssV3_0": { | ||
"version": "3.0", | ||
"baseScore": 7.3, | ||
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
"baseSeverity": "HIGH" | ||
} | ||
}, | ||
{ | ||
"cvssV2_0": { | ||
"version": "2.0", | ||
"baseScore": 7.5, | ||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" | ||
} | ||
} | ||
], | ||
"timeline": [ | ||
{ | ||
"time": "2024-12-04T00:00:00.000Z", | ||
"lang": "en", | ||
"value": "Advisory disclosed" | ||
}, | ||
{ | ||
"time": "2024-12-04T01:00:00.000Z", | ||
"lang": "en", | ||
"value": "VulDB entry created" | ||
}, | ||
{ | ||
"time": "2024-12-04T17:46:59.000Z", | ||
"lang": "en", | ||
"value": "VulDB entry last update" | ||
} | ||
], | ||
"credits": [ | ||
{ | ||
"lang": "en", | ||
"value": "SkGoing (VulDB User)", | ||
"type": "reporter" | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"url": "https://vuldb.com/?id.286909", | ||
"name": "VDB-286909 | 1000 Projects Library Management System stu.php sql injection", | ||
"tags": [ | ||
"vdb-entry", | ||
"technical-description" | ||
] | ||
}, | ||
{ | ||
"url": "https://vuldb.com/?ctiid.286909", | ||
"name": "VDB-286909 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
"tags": [ | ||
"signature", | ||
"permissions-required" | ||
] | ||
}, | ||
{ | ||
"url": "https://vuldb.com/?submit.455061", | ||
"name": "Submit #455061 | 1000 Projects Library Management System BCA 4th Semester Minor Project using SQL and PHP 1.0 SQL Injection", | ||
"tags": [ | ||
"third-party-advisory" | ||
] | ||
}, | ||
{ | ||
"url": "https://github.com/SkGoing/CVE-repo_00/issues/4", | ||
"tags": [ | ||
"exploit", | ||
"issue-tracking" | ||
] | ||
}, | ||
{ | ||
"url": "https://1000projects.org/", | ||
"tags": [ | ||
"product" | ||
] | ||
} | ||
] | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.