-
Notifications
You must be signed in to change notification settings - Fork 346
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
GHSA-5chh-wv34-p78r GHSA-7h6m-3862-6xr6 GHSA-85gg-89qv-8pvc GHSA-87r4-wg36-7x2v GHSA-99q4-qxp3-pjpm GHSA-cw42-cp8c-qv2q GHSA-g5cm-fp5c-4jfp GHSA-r5j8-58v3-g23g GHSA-vcp4-p2mp-8fpq GHSA-vp3x-9qpg-q385
- Loading branch information
1 parent
bdfb4d5
commit 04c0fc3
Showing
10 changed files
with
448 additions
and
0 deletions.
There are no files selected for viewing
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2025/01/GHSA-5chh-wv34-p78r/GHSA-5chh-wv34-p78r.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-5chh-wv34-p78r", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2025-0211" | ||
| ], | ||
| "details": "A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0211" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/shaturo1337/POCs/blob/main/LFI%20in%20School%20Faculty%20Scheduling%20System.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.290156" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.290156" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.474115" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.campcodes.com" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-73" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T15:15:07Z" | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2025/01/GHSA-7h6m-3862-6xr6/GHSA-7h6m-3862-6xr6.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-7h6m-3862-6xr6", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2025-0208" | ||
| ], | ||
| "details": "A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0208" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://code-projects.org" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/th4s1s/24925a20d1f9336858dee1cbbb30c249" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.290145" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.290145" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.474038" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T13:15:07Z" | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2025/01/GHSA-85gg-89qv-8pvc/GHSA-85gg-89qv-8pvc.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-85gg-89qv-8pvc", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2025-0210" | ||
| ], | ||
| "details": "A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0210" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/shaturo1337/POCs/blob/main/Blind%20SQL%20Injection%20in%20School%20Faculty%20Scheduling%20System.md" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.290155" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.290155" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.474112" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.campcodes.com" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T14:15:22Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-87r4-wg36-7x2v/GHSA-87r4-wg36-7x2v.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-87r4-wg36-7x2v", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2024-41765" | ||
| ], | ||
| "details": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41765" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.ibm.com/support/pages/node/7180201" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-22" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T15:15:06Z" | ||
| } | ||
| } |
56 changes: 56 additions & 0 deletions
56
advisories/unreviewed/2025/01/GHSA-99q4-qxp3-pjpm/GHSA-99q4-qxp3-pjpm.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-99q4-qxp3-pjpm", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2025-0207" | ||
| ], | ||
| "details": "A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" | ||
| }, | ||
| { | ||
| "type": "CVSS_V4", | ||
| "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0207" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://code-projects.org" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/th4s1s/d10dfaebae75c8dbe54ad83d63725d81" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?ctiid.290144" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?id.290144" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://vuldb.com/?submit.474035" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-74" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T13:15:07Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-cw42-cp8c-qv2q/GHSA-cw42-cp8c-qv2q.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-cw42-cp8c-qv2q", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2024-41767" | ||
| ], | ||
| "details": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41767" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.ibm.com/support/pages/node/7180199" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-89" | ||
| ], | ||
| "severity": "HIGH", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T15:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-g5cm-fp5c-4jfp/GHSA-g5cm-fp5c-4jfp.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-g5cm-fp5c-4jfp", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2024-41763" | ||
| ], | ||
| "details": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41763" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.ibm.com/support/pages/node/7180204" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-327" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T15:15:06Z" | ||
| } | ||
| } |
36 changes: 36 additions & 0 deletions
36
advisories/unreviewed/2025/01/GHSA-r5j8-58v3-g23g/GHSA-r5j8-58v3-g23g.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| { | ||
| "schema_version": "1.4.0", | ||
| "id": "GHSA-r5j8-58v3-g23g", | ||
| "modified": "2025-01-04T15:30:45Z", | ||
| "published": "2025-01-04T15:30:45Z", | ||
| "aliases": [ | ||
| "CVE-2024-41768" | ||
| ], | ||
| "details": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state.", | ||
| "severity": [ | ||
| { | ||
| "type": "CVSS_V3", | ||
| "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" | ||
| } | ||
| ], | ||
| "affected": [], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41768" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://www.ibm.com/support/pages/node/7180202" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "cwe_ids": [ | ||
| "CWE-544" | ||
| ], | ||
| "severity": "MODERATE", | ||
| "github_reviewed": false, | ||
| "github_reviewed_at": null, | ||
| "nvd_published_at": "2025-01-04T15:15:07Z" | ||
| } | ||
| } |
Oops, something went wrong.