diff --git a/cves/2024/12xxx/CVE-2024-12968.json b/cves/2024/12xxx/CVE-2024-12968.json new file mode 100644 index 000000000000..1f0552551513 --- /dev/null +++ b/cves/2024/12xxx/CVE-2024-12968.json @@ -0,0 +1,166 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-12968", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2024-12-26T07:57:29.087Z", + "datePublished": "2024-12-26T22:00:19.421Z", + "dateUpdated": "2024-12-26T22:00:19.421Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2024-12-26T22:00:19.421Z" + }, + "title": "code-projects Job Recruitment _all_edits.php edit_jobpost sql injection", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-89", + "lang": "en", + "description": "SQL Injection" + } + ] + }, + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-74", + "lang": "en", + "description": "Injection" + } + ] + } + ], + "affected": [ + { + "vendor": "code-projects", + "product": "Job Recruitment", + "versions": [ + { + "version": "1.0", + "status": "affected" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + }, + { + "lang": "de", + "value": "In code-projects Job Recruitment 1.0 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um die Funktion edit_jobpost der Datei /_parse/_all_edits.php. Dank der Manipulation des Arguments jobtype mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." + } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 6.9, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 7.3, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 7.3, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "HIGH" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 7.5, + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" + } + } + ], + "timeline": [ + { + "time": "2024-12-26T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2024-12-26T01:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2024-12-26T12:33:35.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "AceChestNut (VulDB User)", + "type": "reporter" + }, + { + "lang": "en", + "value": "AceChestNut (VulDB User)", + "type": "analyst" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.289333", + "name": "VDB-289333 | code-projects Job Recruitment _all_edits.php edit_jobpost sql injection", + "tags": [ + "vdb-entry", + "technical-description" + ] + }, + { + "url": "https://vuldb.com/?ctiid.289333", + "name": "VDB-289333 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://vuldb.com/?submit.469021", + "name": "Submit #469021 | code-projects job-recruitment-php 0/1 Sql injection", + "tags": [ + "third-party-advisory" + ] + }, + { + "url": "https://github.com/705298066/cve/blob/main/sql-1-kzk.md", + "tags": [ + "exploit" + ] + }, + { + "url": "https://code-projects.org/", + "tags": [ + "product" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/56xxx/CVE-2024-56361.json b/cves/2024/56xxx/CVE-2024-56361.json new file mode 100644 index 000000000000..25324eb02391 --- /dev/null +++ b/cves/2024/56xxx/CVE-2024-56361.json @@ -0,0 +1,94 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-56361", + "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "state": "PUBLISHED", + "assignerShortName": "GitHub_M", + "dateReserved": "2024-12-20T17:29:55.862Z", + "datePublished": "2024-12-26T21:59:01.775Z", + "dateUpdated": "2024-12-26T21:59:01.775Z" + }, + "containers": { + "cna": { + "title": "Stored Cross-Site Scripting (XSS) in lgsl v7.0", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "lang": "en", + "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "type": "CWE" + } + ] + } + ], + "metrics": [ + { + "cvssV4_0": { + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnConfidentialityImpact": "LOW", + "vulnIntegrityImpact": "LOW", + "vulnAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "subAvailabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", + "version": "4.0" + } + } + ], + "references": [ + { + "name": "https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3", + "tags": [ + "x_refsource_CONFIRM" + ], + "url": "https://github.com/tltneon/lgsl/security/advisories/GHSA-xx95-62h6-h7v3" + }, + { + "name": "https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/tltneon/lgsl/commit/3fbd3bb581b636f7fd3ea0592c5f8df87d3a2843" + } + ], + "affected": [ + { + "vendor": "tltneon", + "product": "lgsl", + "versions": [ + { + "version": "< 7.0.0", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "shortName": "GitHub_M", + "dateUpdated": "2024-12-26T21:59:01.775Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "LGSL (Live Game Server List) provides online status for games. Before 7.0.0, a stored cross-site scripting (XSS) vulnerability was identified in lgsl. The function lgsl_query_40 in lgsl_protocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious /info endpoint with our payload, will render our javascript on the info page. This information is being displayed via lgsl_details.php. This vulnerability is fixed in 7.0.0." + } + ], + "source": { + "advisory": "GHSA-xx95-62h6-h7v3", + "discovery": "UNKNOWN" + } + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index 400da5f70511..111e8e0a3d23 100644 --- a/cves/delta.json +++ b/cves/delta.json @@ -1,12 +1,18 @@ { - "fetchTime": "2024-12-26T21:56:58.376Z", - "numberOfChanges": 1, + "fetchTime": "2024-12-26T22:03:12.117Z", + "numberOfChanges": 2, "new": [ { - "cveId": "CVE-2024-55950", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-55950", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/55xxx/CVE-2024-55950.json", - "dateUpdated": "2024-12-26T21:52:44.619Z" + "cveId": "CVE-2024-12968", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12968", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12968.json", + "dateUpdated": "2024-12-26T22:00:19.421Z" + }, + { + "cveId": "CVE-2024-56361", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56361", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56361.json", + "dateUpdated": "2024-12-26T21:59:01.775Z" } ], "updated": [], diff --git a/cves/deltaLog.json b/cves/deltaLog.json index c03902a0b0e5..9e52ef3ae48e 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,24 @@ [ + { + "fetchTime": "2024-12-26T22:03:12.117Z", + "numberOfChanges": 2, + "new": [ + { + "cveId": "CVE-2024-12968", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-12968", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/12xxx/CVE-2024-12968.json", + "dateUpdated": "2024-12-26T22:00:19.421Z" + }, + { + "cveId": "CVE-2024-56361", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-56361", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/56xxx/CVE-2024-56361.json", + "dateUpdated": "2024-12-26T21:59:01.775Z" + } + ], + "updated": [], + "error": [] + }, { "fetchTime": "2024-12-26T21:56:58.376Z", "numberOfChanges": 1,