-
Notifications
You must be signed in to change notification settings - Fork 172
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 1 new CVEs: CVE-2024-10157 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Oct 19, 2024
1 parent
6510763
commit c51bfdc
Showing
3 changed files
with
173 additions
and
643 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,154 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-10157", | ||
| "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "VulDB", | ||
| "dateReserved": "2024-10-18T19:16:41.742Z", | ||
| "datePublished": "2024-10-19T22:31:05.359Z", | ||
| "dateUpdated": "2024-10-19T22:31:05.359Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "shortName": "VulDB", | ||
| "dateUpdated": "2024-10-19T22:31:05.359Z" | ||
| }, | ||
| "title": "PHPGurukul Boat Booking System Reset Your Password Page password-recovery.php sql injection", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-89", | ||
| "lang": "en", | ||
| "description": "SQL Injection" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "PHPGurukul", | ||
| "product": "Boat Booking System", | ||
| "versions": [ | ||
| { | ||
| "version": "1.0", | ||
| "status": "affected" | ||
| } | ||
| ], | ||
| "modules": [ | ||
| "Reset Your Password Page" | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." | ||
| }, | ||
| { | ||
| "lang": "de", | ||
| "value": "Eine Schwachstelle wurde in PHPGurukul Boat Booking System 1.0 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /admin/password-recovery.php der Komponente Reset Your Password Page. Durch die Manipulation des Arguments username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV4_0": { | ||
| "version": "4.0", | ||
| "baseScore": 6.9, | ||
| "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "baseScore": 7.3, | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "HIGH" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_0": { | ||
| "version": "3.0", | ||
| "baseScore": 7.3, | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "HIGH" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV2_0": { | ||
| "version": "2.0", | ||
| "baseScore": 7.5, | ||
| "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" | ||
| } | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2024-10-18T00:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "Advisory disclosed" | ||
| }, | ||
| { | ||
| "time": "2024-10-18T02:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry created" | ||
| }, | ||
| { | ||
| "time": "2024-10-18T21:22:12.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry last update" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "jadu101 (VulDB User)", | ||
| "type": "reporter" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://vuldb.com/?id.280943", | ||
| "name": "VDB-280943 | PHPGurukul Boat Booking System Reset Your Password Page password-recovery.php sql injection", | ||
| "tags": [ | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.280943", | ||
| "name": "VDB-280943 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
| "tags": [ | ||
| "signature", | ||
| "permissions-required" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?submit.425399", | ||
| "name": "Submit #425399 | PHPGurukul Boat Booking System 1.0 SQL Injection", | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_password_recovery_sqli.md", | ||
| "tags": [ | ||
| "exploit" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://phpgurukul.com/", | ||
| "tags": [ | ||
| "product" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.