-
Notifications
You must be signed in to change notification settings - Fork 210
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 1 new CVEs: CVE-2024-7680 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Aug 11, 2024
1 parent
ae0d1d4
commit 0ea8c33
Showing
3 changed files
with
167 additions
and
791 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,146 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-7680", | ||
| "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "VulDB", | ||
| "dateReserved": "2024-08-11T08:40:38.158Z", | ||
| "datePublished": "2024-08-11T22:00:07.007Z", | ||
| "dateUpdated": "2024-08-11T22:00:07.007Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "shortName": "VulDB", | ||
| "dateUpdated": "2024-08-11T22:00:07.007Z" | ||
| }, | ||
| "title": "itsourcecode Tailoring Management System incedit.php sql injection", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-89", | ||
| "lang": "en", | ||
| "description": "CWE-89 SQL Injection" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "itsourcecode", | ||
| "product": "Tailoring Management System", | ||
| "versions": [ | ||
| { | ||
| "version": "1.0", | ||
| "status": "affected" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /incedit.php?id=4. The manipulation of the argument id/inccat/desc/date/amount leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." | ||
| }, | ||
| { | ||
| "lang": "de", | ||
| "value": "Es wurde eine Schwachstelle in itsourcecode Tailoring Management System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei /incedit.php?id=4. Mittels Manipulieren des Arguments id/inccat/desc/date/amount mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV4_0": { | ||
| "version": "4.0", | ||
| "baseScore": 5.3, | ||
| "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "baseScore": 6.3, | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_0": { | ||
| "version": "3.0", | ||
| "baseScore": 6.3, | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV2_0": { | ||
| "version": "2.0", | ||
| "baseScore": 6.5, | ||
| "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" | ||
| } | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2024-08-11T00:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "Advisory disclosed" | ||
| }, | ||
| { | ||
| "time": "2024-08-11T02:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry created" | ||
| }, | ||
| { | ||
| "time": "2024-08-11T10:45:45.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry last update" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "mxh9934 (VulDB User)", | ||
| "type": "reporter" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://vuldb.com/?id.274137", | ||
| "name": "VDB-274137 | itsourcecode Tailoring Management System incedit.php sql injection", | ||
| "tags": [ | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.274137", | ||
| "name": "VDB-274137 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
| "tags": [ | ||
| "signature", | ||
| "permissions-required" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?submit.389047", | ||
| "name": "Submit #389047 | itsourcecode Tailoring Management System Project In PHP 1.0 SQL Injection", | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://github.com/chenzg22/cve/issues/1", | ||
| "tags": [ | ||
| "exploit", | ||
| "issue-tracking" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,14 @@ | ||
| { | ||
| "fetchTime": "2024-08-11T18:24:33.574Z", | ||
| "fetchTime": "2024-08-11T22:00:22.986Z", | ||
| "numberOfChanges": 1, | ||
| "new": [], | ||
| "updated": [ | ||
| "new": [ | ||
| { | ||
| "cveId": "CVE-2024-3727", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3727", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3727.json", | ||
| "dateUpdated": "2024-08-11T18:19:31.791Z" | ||
| "cveId": "CVE-2024-7680", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-7680", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/7xxx/CVE-2024-7680.json", | ||
| "dateUpdated": "2024-08-11T22:00:07.007Z" | ||
| } | ||
| ], | ||
| "updated": [], | ||
| "error": [] | ||
| } |
Oops, something went wrong.