From f70dcdf8b4ccf9b1587ca3fc678ea70fd4e43ea5 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Thu, 26 Dec 2024 06:32:11 +0000
Subject: [PATCH] Publish Advisories GHSA-447r-cxfc-3q93 GHSA-4jmc-cgpx-wfmf GHSA-533g-7w58-g89m GHSA-7669-rvr4-58hw GHSA-7jjg-gm2c-94v7 GHSA-fxjp-p9mj-r6h8 GHSA-gh3f-64h2-9gjh GHSA-jfx8-86f7-x4h2 GHSA-rj25-7x5r-jgw6 GHSA-vhwm-93rm-63jm
---
 .../GHSA-447r-cxfc-3q93.json | 29 +++++++++++
 .../GHSA-4jmc-cgpx-wfmf.json | 52 +++++++++++++++++++
 .../GHSA-533g-7w58-g89m.json | 6 ++-
 .../GHSA-7669-rvr4-58hw.json | 52 +++++++++++++++++++
 .../GHSA-7jjg-gm2c-94v7.json | 29 +++++++++++
 .../GHSA-fxjp-p9mj-r6h8.json | 52 +++++++++++++++++++
 .../GHSA-gh3f-64h2-9gjh.json | 52 +++++++++++++++++++
 .../GHSA-jfx8-86f7-x4h2.json | 36 +++++++++++++
 .../GHSA-rj25-7x5r-jgw6.json | 52 +++++++++++++++++++
 .../GHSA-vhwm-93rm-63jm.json | 52 +++++++++++++++++++
 10 files changed, 411 insertions(+), 1 deletion(-)
 create mode 100644 advisories/unreviewed/2024/12/GHSA-447r-cxfc-3q93/GHSA-447r-cxfc-3q93.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-4jmc-cgpx-wfmf/GHSA-4jmc-cgpx-wfmf.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-7669-rvr4-58hw/GHSA-7669-rvr4-58hw.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-7jjg-gm2c-94v7/GHSA-7jjg-gm2c-94v7.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-fxjp-p9mj-r6h8/GHSA-fxjp-p9mj-r6h8.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-gh3f-64h2-9gjh/GHSA-gh3f-64h2-9gjh.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-jfx8-86f7-x4h2/GHSA-jfx8-86f7-x4h2.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-rj25-7x5r-jgw6/GHSA-rj25-7x5r-jgw6.json
 create mode 100644 advisories/unreviewed/2024/12/GHSA-vhwm-93rm-63jm/GHSA-vhwm-93rm-63jm.json
diff --git a/advisories/unreviewed/2024/12/GHSA-447r-cxfc-3q93/GHSA-447r-cxfc-3q93.json b/advisories/unreviewed/2024/12/GHSA-447r-cxfc-3q93/GHSA-447r-cxfc-3q93.json
new file mode 100644
index 0000000000000..ffff7862d50af
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-447r-cxfc-3q93/GHSA-447r-cxfc-3q93.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-447r-cxfc-3q93",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-11223"
+ ],
+ "details": "The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11223"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wpscan.com/vulnerability/82989909-9745-4c9a-abc7-c1adf8c2b047"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T06:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-4jmc-cgpx-wfmf/GHSA-4jmc-cgpx-wfmf.json b/advisories/unreviewed/2024/12/GHSA-4jmc-cgpx-wfmf/GHSA-4jmc-cgpx-wfmf.json
new file mode 100644
index 0000000000000..9b8f820306f35
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-4jmc-cgpx-wfmf/GHSA-4jmc-cgpx-wfmf.json
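Review bot: Every new file in this patch is written without a trailing newline (`\ No newline at end of file` after the closing `}`), which will make the next edit to each record show a spurious change on its last line; if the publisher serialises with one writer, appending `\n` there would fix all nine at once. Separately, this record has `"affected": []`, `"severity": []` and `"database_specific.severity": null` while the fixed version (`before 1.9.2.3`) appears only in the prose of `details`, so version matching and severity filtering cannot be done from the structured fields and consumers should not read the empty `affected` array as "no affected versions"; the same holds for GHSA-7jjg-gm2c-94v7, and `affected` is empty in every file of the patch. Both presumably reflect the unreviewed import path (`"github_reviewed": false`) rather than a defect in the individual record.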
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-4jmc-cgpx-wfmf",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-12935"
+ ],
+ "details": "A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12935"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289288"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289288"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.468129"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T05:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-533g-7w58-g89m/GHSA-533g-7w58-g89m.json b/advisories/unreviewed/2024/12/GHSA-533g-7w58-g89m/GHSA-533g-7w58-g89m.json
index 205445b44c1e8..ea8fd48369be4 100644
--- a/advisories/unreviewed/2024/12/GHSA-533g-7w58-g89m/GHSA-533g-7w58-g89m.json
+++ b/advisories/unreviewed/2024/12/GHSA-533g-7w58-g89m/GHSA-533g-7w58-g89m.json
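Review bot: `cwe_ids` carries the generic `CWE-74` (Injection) while `details` states the weakness is SQL injection, for which the child entry `CWE-89` is the precise classification; the same pairing appears in GHSA-7669-rvr4-58hw, GHSA-fxjp-p9mj-r6h8, GHSA-gh3f-64h2-9gjh and GHSA-vhwm-93rm-63jm in this patch. The value presumably mirrors the CNA/NVD classification at publish time, so it is a point for the review pass (`"github_reviewed": false` here) rather than a change to the bot output, but tooling that routes by CWE will file these under the parent category. Note also that `"affected": []` leaves the product and version (`Simple Admin Panel 1.0`) only in prose, so nothing in the structured fields supports automated matching.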
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-533g-7w58-g89m",
- "modified": "2024-12-24T03:30:46Z",
+ "modified": "2024-12-26T06:30:47Z",
 "published": "2024-12-23T00:30:54Z",
 "aliases": [
 "CVE-2024-56375"
@@ -19,6 +19,10 @@
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56375"
 },
+ {
+ "type": "WEB",
+ "url": "https://github.com/NICMx/FORT-validator/issues/154"
+ },
 {
 "type": "WEB",
 "url": "https://nicmx.github.io/FORT-validator/CVE.html"
diff --git a/advisories/unreviewed/2024/12/GHSA-7669-rvr4-58hw/GHSA-7669-rvr4-58hw.json b/advisories/unreviewed/2024/12/GHSA-7669-rvr4-58hw/GHSA-7669-rvr4-58hw.json
new file mode 100644
index 0000000000000..8bb2ae65a60fc
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-7669-rvr4-58hw/GHSA-7669-rvr4-58hw.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7669-rvr4-58hw",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-12934"
+ ],
+ "details": "A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_desk leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12934"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289287"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289287"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.468128"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T04:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-7jjg-gm2c-94v7/GHSA-7jjg-gm2c-94v7.json b/advisories/unreviewed/2024/12/GHSA-7jjg-gm2c-94v7/GHSA-7jjg-gm2c-94v7.json
new file mode 100644
index 0000000000000..97bb6ef9c034c
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-7jjg-gm2c-94v7/GHSA-7jjg-gm2c-94v7.json
@@ -0,0 +1,29 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-7jjg-gm2c-94v7",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-10903"
+ ],
+ "details": "The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation.",
+ "severity": [],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10903"
+ },
+ {
+ "type": "WEB",
+ "url": "https://wpscan.com/vulnerability/39027390-ce01-4dd5-a979-426785aa7acb"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [],
+ "severity": null,
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T06:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-fxjp-p9mj-r6h8/GHSA-fxjp-p9mj-r6h8.json b/advisories/unreviewed/2024/12/GHSA-fxjp-p9mj-r6h8/GHSA-fxjp-p9mj-r6h8.json
new file mode 100644
index 0000000000000..8eb1b34840501
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-fxjp-p9mj-r6h8/GHSA-fxjp-p9mj-r6h8.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-fxjp-p9mj-r6h8",
+ "modified": "2024-12-26T06:30:48Z",
+ "published": "2024-12-26T06:30:48Z",
+ "aliases": [
+ "CVE-2024-12937"
+ ],
+ "details": "A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12937"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289290"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289290"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.468134"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T06:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-gh3f-64h2-9gjh/GHSA-gh3f-64h2-9gjh.json b/advisories/unreviewed/2024/12/GHSA-gh3f-64h2-9gjh/GHSA-gh3f-64h2-9gjh.json
new file mode 100644
index 0000000000000..ebbc027c5febb
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-gh3f-64h2-9gjh/GHSA-gh3f-64h2-9gjh.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-gh3f-64h2-9gjh",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-12936"
+ ],
+ "details": "A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12936"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289289"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289289"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.468130"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T05:15:06Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-jfx8-86f7-x4h2/GHSA-jfx8-86f7-x4h2.json b/advisories/unreviewed/2024/12/GHSA-jfx8-86f7-x4h2/GHSA-jfx8-86f7-x4h2.json
new file mode 100644
index 0000000000000..240fce3892b78
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-jfx8-86f7-x4h2/GHSA-jfx8-86f7-x4h2.json
@@ -0,0 +1,36 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-jfx8-86f7-x4h2",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-12652"
+ ],
+ "details": "A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.",
+ "severity": [
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12652"
+ },
+ {
+ "type": "WEB",
+ "url": "https://zuso.ai/advisory/za-2024-13"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-94"
+ ],
+ "severity": "CRITICAL",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T04:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-rj25-7x5r-jgw6/GHSA-rj25-7x5r-jgw6.json b/advisories/unreviewed/2024/12/GHSA-rj25-7x5r-jgw6/GHSA-rj25-7x5r-jgw6.json
new file mode 100644
index 0000000000000..a5b9be44e6029
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-rj25-7x5r-jgw6/GHSA-rj25-7x5r-jgw6.json
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-rj25-7x5r-jgw6",
+ "modified": "2024-12-26T06:30:47Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-12933"
+ ],
+ "details": "A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The manipulation of the argument p_name/p_desc leads to cross site scripting. The attack may be launched remotely.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12933"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289286"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289286"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.468124"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-79"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T04:15:05Z"
+ }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/12/GHSA-vhwm-93rm-63jm/GHSA-vhwm-93rm-63jm.json b/advisories/unreviewed/2024/12/GHSA-vhwm-93rm-63jm/GHSA-vhwm-93rm-63jm.json
new file mode 100644
index 0000000000000..2fd7f460889df
--- /dev/null
+++ b/advisories/unreviewed/2024/12/GHSA-vhwm-93rm-63jm/GHSA-vhwm-93rm-63jm.json
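Review bot: The two `severity` entries in this record disagree on user interaction: the CVSS v3.1 vector carries `UI:R` while the CVSS v4.0 vector carries `UI:N`, so a consumer that triages on one metric family will reach a different conclusion from one that uses the other for the same cross-site scripting issue. The `database_specific.severity` of `MODERATE` is compatible with either vector, which is why the mismatch is not visible from the summary field alone. The values presumably come through unchanged from the CNA, so the place to resolve it is the review pass (`"github_reviewed": false` here) — the v4 vector is the one that should be checked against the upstream source, since the v3 vector and `CWE-79` are mutually consistent.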
@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.4.0",
+ "id": "GHSA-vhwm-93rm-63jm",
+ "modified": "2024-12-26T06:30:48Z",
+ "published": "2024-12-26T06:30:47Z",
+ "aliases": [
+ "CVE-2024-12938"
+ ],
+ "details": "A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.",
+ "severity": [
+ {
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+ },
+ {
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+ }
+ ],
+ "affected": [],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12938"
+ },
+ {
+ "type": "WEB",
+ "url": "https://code-projects.org"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?ctiid.289291"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?id.289291"
+ },
+ {
+ "type": "WEB",
+ "url": "https://vuldb.com/?submit.468135"
+ }
+ ],
+ "database_specific": {
+ "cwe_ids": [
+ "CWE-74"
+ ],
+ "severity": "MODERATE",
+ "github_reviewed": false,
+ "github_reviewed_at": null,
+ "nvd_published_at": "2024-12-26T06:15:05Z"
+ }
+}
\ No newline at end of file