Publish Advisories

GHSA-3w77-ccg9-93q6 GHSA-4gmq-m9vp-jrwg GHSA-74pw-6jvg-9rqc GHSA-8x87-jcr7-hcw9
github · Nov 4, 2024 · 2376a60 · 2376a60
1 parent 27a55c2
commit 2376a60
Show file tree

Hide file tree

Showing 4 changed files with 220 additions and 0 deletions.
diff --git a/advisories/unreviewed/2024/11/GHSA-3w77-ccg9-93q6/GHSA-3w77-ccg9-93q6.json b/advisories/unreviewed/2024/11/GHSA-3w77-ccg9-93q6/GHSA-3w77-ccg9-93q6.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3w77-ccg9-93q6",
+  "modified": "2024-11-04T06:30:30Z",
+  "published": "2024-11-04T06:30:30Z",
+  "aliases": [
+    "CVE-2024-10760"
+  ],
+  "details": "A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10760"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/MurphyEutopia/cve/blob/main/sql15.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.282929"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.282929"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.436442"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-04T05:15:03Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-4gmq-m9vp-jrwg/GHSA-4gmq-m9vp-jrwg.json b/advisories/unreviewed/2024/11/GHSA-4gmq-m9vp-jrwg/GHSA-4gmq-m9vp-jrwg.json
@@ -0,0 +1,50 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4gmq-m9vp-jrwg",
+  "modified": "2024-11-04T06:30:30Z",
+  "published": "2024-11-04T06:30:30Z",
+  "aliases": [
+    "CVE-2024-10761"
+  ],
+  "details": "A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10761"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.282930"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.282930"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.427091"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-04T05:15:04Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-74pw-6jvg-9rqc/GHSA-74pw-6jvg-9rqc.json b/advisories/unreviewed/2024/11/GHSA-74pw-6jvg-9rqc/GHSA-74pw-6jvg-9rqc.json
@@ -0,0 +1,54 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-74pw-6jvg-9rqc",
+  "modified": "2024-11-04T06:30:30Z",
+  "published": "2024-11-04T06:30:30Z",
+  "aliases": [
+    "CVE-2024-10758"
+  ],
+  "details": "A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10758"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.282927"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.282927"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.436395"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-04T04:15:02Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/11/GHSA-8x87-jcr7-hcw9/GHSA-8x87-jcr7-hcw9.json b/advisories/unreviewed/2024/11/GHSA-8x87-jcr7-hcw9/GHSA-8x87-jcr7-hcw9.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-8x87-jcr7-hcw9",
+  "modified": "2024-11-04T06:30:30Z",
+  "published": "2024-11-04T06:30:30Z",
+  "aliases": [
+    "CVE-2024-10759"
+  ],
+  "details": "A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-pig.php. The manipulation of the argument pigno/weight/arrived/breed/remark/status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"pigno\" to be affected. But it must be assumed that other parameters are affected as well.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10759"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/liujiaquan1122/cve/issues/2"
+    },
+    {
+      "type": "WEB",
+      "url": "https://itsourcecode.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.282928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.282928"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.436418"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-11-04T04:15:03Z"
+  }
+}