-
Notifications
You must be signed in to change notification settings - Fork 168
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- 2 new CVEs: CVE-2024-10600, CVE-2024-10601 - 0 updated CVEs:
- Loading branch information
cvelistV5 Github Action
committed
Oct 31, 2024
1 parent
34e4ca9
commit 2209371
Showing
4 changed files
with
390 additions
and
22 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,170 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-10600", | ||
| "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "VulDB", | ||
| "dateReserved": "2024-10-31T15:25:10.968Z", | ||
| "datePublished": "2024-10-31T23:00:06.958Z", | ||
| "dateUpdated": "2024-10-31T23:00:06.958Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "shortName": "VulDB", | ||
| "dateUpdated": "2024-10-31T23:00:06.958Z" | ||
| }, | ||
| "title": "Tongda OA 2017 submenu.php sql injection", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-89", | ||
| "lang": "en", | ||
| "description": "SQL Injection" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "Tongda", | ||
| "product": "OA 2017", | ||
| "versions": [ | ||
| { | ||
| "version": "11.0", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.1", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.2", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.3", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.4", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.5", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.6", | ||
| "status": "affected" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." | ||
| }, | ||
| { | ||
| "lang": "de", | ||
| "value": "Es wurde eine Schwachstelle in Tongda OA 2017 bis 11.6 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei pda/appcenter/submenu.php. Dank der Manipulation des Arguments appid mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV4_0": { | ||
| "version": "4.0", | ||
| "baseScore": 6.9, | ||
| "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "baseScore": 7.3, | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "HIGH" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_0": { | ||
| "version": "3.0", | ||
| "baseScore": 7.3, | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "HIGH" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV2_0": { | ||
| "version": "2.0", | ||
| "baseScore": 7.5, | ||
| "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P" | ||
| } | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2024-10-31T00:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "Advisory disclosed" | ||
| }, | ||
| { | ||
| "time": "2024-10-31T01:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry created" | ||
| }, | ||
| { | ||
| "time": "2024-10-31T16:30:25.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry last update" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "LVZC1 (VulDB User)", | ||
| "type": "reporter" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://vuldb.com/?id.282612", | ||
| "name": "VDB-282612 | Tongda OA 2017 submenu.php sql injection", | ||
| "tags": [ | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.282612", | ||
| "name": "VDB-282612 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
| "tags": [ | ||
| "signature", | ||
| "permissions-required" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?submit.433497", | ||
| "name": "Submit #433497 | Beijing Tongda Xinke Technology Co., Ltd Tongda OA v2017-v11.6 Front end SQL injection", | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://github.com/LvZCh/td/issues/3", | ||
| "tags": [ | ||
| "exploit", | ||
| "issue-tracking" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,186 @@ | ||
| { | ||
| "dataType": "CVE_RECORD", | ||
| "dataVersion": "5.1", | ||
| "cveMetadata": { | ||
| "cveId": "CVE-2024-10601", | ||
| "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "state": "PUBLISHED", | ||
| "assignerShortName": "VulDB", | ||
| "dateReserved": "2024-10-31T15:25:13.403Z", | ||
| "datePublished": "2024-10-31T23:00:08.658Z", | ||
| "dateUpdated": "2024-10-31T23:00:08.658Z" | ||
| }, | ||
| "containers": { | ||
| "cna": { | ||
| "providerMetadata": { | ||
| "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", | ||
| "shortName": "VulDB", | ||
| "dateUpdated": "2024-10-31T23:00:08.658Z" | ||
| }, | ||
| "title": "Tongda OA 2017 delete.php sql injection", | ||
| "problemTypes": [ | ||
| { | ||
| "descriptions": [ | ||
| { | ||
| "type": "CWE", | ||
| "cweId": "CWE-89", | ||
| "lang": "en", | ||
| "description": "SQL Injection" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "affected": [ | ||
| { | ||
| "vendor": "Tongda", | ||
| "product": "OA 2017", | ||
| "versions": [ | ||
| { | ||
| "version": "11.0", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.1", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.2", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.3", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.4", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.5", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.6", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.7", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.8", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.9", | ||
| "status": "affected" | ||
| }, | ||
| { | ||
| "version": "11.10", | ||
| "status": "affected" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." | ||
| }, | ||
| { | ||
| "lang": "de", | ||
| "value": "In Tongda OA 2017 bis 11.10 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /general/address/private/address/query/delete.php. Dank Manipulation des Arguments where_repeat mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." | ||
| } | ||
| ], | ||
| "metrics": [ | ||
| { | ||
| "cvssV4_0": { | ||
| "version": "4.0", | ||
| "baseScore": 5.3, | ||
| "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_1": { | ||
| "version": "3.1", | ||
| "baseScore": 6.3, | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV3_0": { | ||
| "version": "3.0", | ||
| "baseScore": 6.3, | ||
| "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", | ||
| "baseSeverity": "MEDIUM" | ||
| } | ||
| }, | ||
| { | ||
| "cvssV2_0": { | ||
| "version": "2.0", | ||
| "baseScore": 6.5, | ||
| "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P" | ||
| } | ||
| } | ||
| ], | ||
| "timeline": [ | ||
| { | ||
| "time": "2024-10-31T00:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "Advisory disclosed" | ||
| }, | ||
| { | ||
| "time": "2024-10-31T01:00:00.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry created" | ||
| }, | ||
| { | ||
| "time": "2024-10-31T16:30:26.000Z", | ||
| "lang": "en", | ||
| "value": "VulDB entry last update" | ||
| } | ||
| ], | ||
| "credits": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "LVZC1 (VulDB User)", | ||
| "type": "reporter" | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://vuldb.com/?id.282613", | ||
| "name": "VDB-282613 | Tongda OA 2017 delete.php sql injection", | ||
| "tags": [ | ||
| "vdb-entry", | ||
| "technical-description" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?ctiid.282613", | ||
| "name": "VDB-282613 | CTI Indicators (IOB, IOC, TTP, IOA)", | ||
| "tags": [ | ||
| "signature", | ||
| "permissions-required" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://vuldb.com/?submit.433498", | ||
| "name": "Submit #433498 | Beijing Tongda Xinke Technology Co., Ltd Tongda OA v2017-v11.10 SQL injection", | ||
| "tags": [ | ||
| "third-party-advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://github.com/LvZCh/td/issues/4", | ||
| "tags": [ | ||
| "exploit", | ||
| "issue-tracking" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,14 +1,20 @@ | ||
| { | ||
| "fetchTime": "2024-10-31T22:44:18.924Z", | ||
| "numberOfChanges": 1, | ||
| "new": [], | ||
| "updated": [ | ||
| "fetchTime": "2024-10-31T23:10:09.662Z", | ||
| "numberOfChanges": 2, | ||
| "new": [ | ||
| { | ||
| "cveId": "CVE-2023-2062", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-2062", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/2xxx/CVE-2023-2062.json", | ||
| "dateUpdated": "2024-10-31T22:37:13.620Z" | ||
| "cveId": "CVE-2024-10600", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-10600", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/10xxx/CVE-2024-10600.json", | ||
| "dateUpdated": "2024-10-31T23:00:06.958Z" | ||
| }, | ||
| { | ||
| "cveId": "CVE-2024-10601", | ||
| "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-10601", | ||
| "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/10xxx/CVE-2024-10601.json", | ||
| "dateUpdated": "2024-10-31T23:00:08.658Z" | ||
| } | ||
| ], | ||
| "updated": [], | ||
| "error": [] | ||
| } |
Oops, something went wrong.