Skip to content

Commit

Permalink
2 changes (2 new | 0 updated):
Browse files Browse the repository at this point in the history 
      - 2 new CVEs:  CVE-2024-12968, CVE-2024-56361
      - 0 updated CVEs:
  • Loading branch information
cvelistV5 Github Action committed Dec 26, 2024
1 parent fd6a39c commit 41dcd7a
Show file tree
Hide file tree
Showing 4 changed files with 292 additions and 6 deletions.
166 changes: 166 additions & 0 deletions cves/2024/12xxx/CVE-2024-12968.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,166 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-12968",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"state": "PUBLISHED",
"assignerShortName": "VulDB",
"dateReserved": "2024-12-26T07:57:29.087Z",
"datePublished": "2024-12-26T22:00:19.421Z",
"dateUpdated": "2024-12-26T22:00:19.421Z"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2024-12-26T22:00:19.421Z"
},
"title": "code-projects Job Recruitment _all_edits.php edit_jobpost sql injection",
"problemTypes": [
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-89",
"lang": "en",
"description": "SQL Injection"
}
]
},
{
"descriptions": [
{
"type": "CWE",
"cweId": "CWE-74",
"lang": "en",
"description": "Injection"
}
]
}
],
"affected": [
{
"vendor": "code-projects",
"product": "Job Recruitment",
"versions": [
{
"version": "1.0",
"status": "affected"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "de",
"value": "In code-projects Job Recruitment 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion edit_jobpost der Datei /_parse/_all_edits.php. Dank der Manipulation des Arguments jobtype mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."
}
],
"metrics": [
{
"cvssV4_0": {
"version": "4.0",
"baseScore": 6.9,
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_1": {
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
}
},
{
"cvssV3_0": {
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
}
},
{
"cvssV2_0": {
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
}
],
"timeline": [
{
"time": "2024-12-26T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2024-12-26T01:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2024-12-26T12:33:35.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "AceChestNut (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "AceChestNut (VulDB User)",
"type": "analyst"
}
],
"references": [
{
"url": "https://vuldb.com/?id.289333",
"name": "VDB-289333 | code-projects Job Recruitment _all_edits.php edit_jobpost sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/?ctiid.289333",
"name": "VDB-289333 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/?submit.469021",
"name": "Submit #469021 | code-projects job-recruitment-php 0/1 Sql injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://github.com/705298066/cve/blob/main/sql-1-kzk.md",
"tags": [
"exploit"
]
},
{
"url": "https://code-projects.org/",
"tags": [
"product"
]
}
]
}
}
}
94 changes: 94 additions & 0 deletions cves/2024/56xxx/CVE-2024-56361.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2024-56361",
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"state": "PUBLISHED",
"assignerShortName": "GitHub_M",
"dateReserved": "2024-12-20T17:29:55.862Z",
"datePublished": "2024-12-26T21:59:01.775Z",
"dateUpdated": "2024-12-26T21:59:01.775Z"
},
"containers": {
"cna": {
"title": "Stored Cross-Site Scripting (XSS) in lgsl v7.0",
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"lang": "en",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"type": "CWE"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"subAvailabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"references": [
{
"name": "https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3"
},
{
"name": "https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843"
}
],
"affected": [
{
"vendor": "tltneon",
"product": "lgsl",
"versions": [
{
"version": "< 7.0.0",
"status": "affected"
}
]
}
],
"providerMetadata": {
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M",
"dateUpdated": "2024-12-26T21:59:01.775Z"
},
"descriptions": [
{
"lang": "en",
"value": "LGSL (Live Game Server List) provides online status for games. Before 7.0.0, a stored cross-site scripting (XSS) vulnerability was identified in lgsl. The function lgsl_query_40 in lgsl_protocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious /info endpoint with our payload, will render our javascript on the info page. This information is being displayed via lgsl_details.php. This vulnerability is fixed in 7.0.0."
}
],
"source": {
"advisory": "GHSA-xx95-62h6-h7v3",
"discovery": "UNKNOWN"
}
}
}
}
18 changes: 12 additions & 6 deletions cves/delta.json
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,18 @@
{
"fetchTime": "2024-12-26T21:56:58.376Z",
"numberOfChanges": 1,
"fetchTime": "2024-12-26T22:03:12.117Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-55950",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-55950",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/55xxx/CVE-2024-55950.json",
"dateUpdated": "2024-12-26T21:52:44.619Z"
"cveId": "CVE-2024-12968",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12968",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12968.json",
"dateUpdated": "2024-12-26T22:00:19.421Z"
},
{
"cveId": "CVE-2024-56361",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56361",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56361.json",
"dateUpdated": "2024-12-26T21:59:01.775Z"
}
],
"updated": [],
Expand Down
20 changes: 20 additions & 0 deletions cves/deltaLog.json
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,24 @@
[
{
"fetchTime": "2024-12-26T22:03:12.117Z",
"numberOfChanges": 2,
"new": [
{
"cveId": "CVE-2024-12968",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12968",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12968.json",
"dateUpdated": "2024-12-26T22:00:19.421Z"
},
{
"cveId": "CVE-2024-56361",
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56361",
"githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56361.json",
"dateUpdated": "2024-12-26T21:59:01.775Z"
}
],
"updated": [],
"error": []
},
{
"fetchTime": "2024-12-26T21:56:58.376Z",
"numberOfChanges": 1,
Expand Down

0 comments on commit 41dcd7a

Please sign in to comment.