-
Notifications
You must be signed in to change notification settings - Fork 210
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 1 new CVEs: CVE-2024-0260 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Jan 7, 2024
1 parent
cdcebd7
commit d8379a1
Showing
3 changed files
with
152 additions
and
268 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,130 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.0", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-0260", | ||
| "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "VulDB", | ||
| "dateReserved": "2024-01-06T08:29:19.086Z", | ||
| "datePublished": "2024-01-07T00:00:07.682Z", | ||
| "dateUpdated": "2024-01-07T00:00:07.682Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "shortName": "VulDB", | ||
| "dateUpdated": "2024-01-07T00:00:07.682Z" | ||
| }, | ||
| "title": "SourceCodester Engineers Online Portal Password Change change_password_teacher.php session expiration", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-613", | ||
| "lang": "en", | ||
| "description": "CWE-613 Session Expiration" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "SourceCodester", | ||
| "product": "Engineers Online Portal", | ||
| "versions": [ | ||
| { | ||
| "version": "1.0", | ||
| "status": "affected" | ||
| } | ||
| ], | ||
| "modules": [ | ||
| "Password Change" | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816." | ||
| }, | ||
| { | ||
| "lang": "de", | ||
| "value": "Es wurde eine Schwachstelle in SourceCodester Engineers Online Portal 1.0 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei change_password_teacher.php der Komponente Password Change. Mittels Manipulieren mit unbekannten Daten kann eine session expiration-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "baseScore": 4.3, | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_0": { | ||
| "version": "3.0", | ||
| "baseScore": 4.3, | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV2_0": { | ||
| "version": "2.0", | ||
| "baseScore": 4, | ||
| "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" | ||
| } | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2024-01-06T00:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "Advisory disclosed" | ||
| }, | ||
| { | ||
| "time": "2024-01-06T01:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry created" | ||
| }, | ||
| { | ||
| "time": "2024-01-06T09:35:03.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry last update" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "ahmed8199 (VulDB User)", | ||
| "type": "analyst" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://vuldb.com/?id.249816", | ||
| "tags": [ | ||
| "vdb-entry" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.249816", | ||
| "tags": [ | ||
| "signature", | ||
| "permissions-required" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo", | ||
| "tags": [ | ||
| "exploit" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,14 @@ | ||
| { | ||
| "fetchTime": "2024-01-06T21:07:18.543Z", | ||
| "numberOfChanges": 2, | ||
| "new": [], | ||
| "updated": [ | ||
| "fetchTime": "2024-01-07T00:00:38.131Z", | ||
| "numberOfChanges": 1, | ||
| "new": [ | ||
| { | ||
| "cveId": "CVE-2023-4255", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-4255", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/4xxx/CVE-2023-4255.json", | ||
| "dateUpdated": "2024-01-06T21:00:05.443Z" | ||
| }, | ||
| { | ||
| "cveId": "CVE-2023-4256", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-4256", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/4xxx/CVE-2023-4256.json", | ||
| "dateUpdated": "2024-01-06T21:00:14.989Z" | ||
| "cveId": "CVE-2024-0260", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0260", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0260.json", | ||
| "dateUpdated": "2024-01-07T00:00:07.682Z" | ||
| } | ||
| ], | ||
| "updated": [], | ||
| "error": [] | ||
| } |
Oops, something went wrong.