Skip to content

Commit e62dfd5

Browse files
cad-safe-botcad-safe-bot
committed
Auto-Update: 2025-03-17T00:55:19.655406+00:00
1 parent de7c411 commit e62dfd5

File tree

8 files changed

+634
-15
lines changed

8 files changed

+634
-15
lines changed

CVE-2025/CVE-2025-23xx/CVE-2025-2351.json

Lines changed: 137 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,137 @@
1+
{
2+
"id": "CVE-2025-2351",
3+
"sourceIdentifier": "[email protected]",
4+
"published": "2025-03-16T23:15:47.710",
5+
"lastModified": "2025-03-16T23:15:47.710",
6+
"vulnStatus": "Received",
7+
"cveTags": [],
8+
"descriptions": [
9+
{
10+
"lang": "en",
11+
"value": "A vulnerability classified as critical was found in DayCloud StudentManage 1.0. This vulnerability affects unknown code of the file /admin/adminScoreUrl of the component Login Endpoint. The manipulation of the argument query leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
12+
}
13+
],
14+
"metrics": {
15+
"cvssMetricV40": [
16+
{
17+
"source": "[email protected]",
18+
"type": "Secondary",
19+
"cvssData": {
20+
"version": "4.0",
21+
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
22+
"baseScore": 6.9,
23+
"baseSeverity": "MEDIUM",
24+
"attackVector": "NETWORK",
25+
"attackComplexity": "LOW",
26+
"attackRequirements": "NONE",
27+
"privilegesRequired": "NONE",
28+
"userInteraction": "NONE",
29+
"vulnConfidentialityImpact": "LOW",
30+
"vulnIntegrityImpact": "LOW",
31+
"vulnAvailabilityImpact": "LOW",
32+
"subConfidentialityImpact": "NONE",
33+
"subIntegrityImpact": "NONE",
34+
"subAvailabilityImpact": "NONE",
35+
"exploitMaturity": "NOT_DEFINED",
36+
"confidentialityRequirement": "NOT_DEFINED",
37+
"integrityRequirement": "NOT_DEFINED",
38+
"availabilityRequirement": "NOT_DEFINED",
39+
"modifiedAttackVector": "NOT_DEFINED",
40+
"modifiedAttackComplexity": "NOT_DEFINED",
41+
"modifiedAttackRequirements": "NOT_DEFINED",
42+
"modifiedPrivilegesRequired": "NOT_DEFINED",
43+
"modifiedUserInteraction": "NOT_DEFINED",
44+
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
45+
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
46+
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
47+
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
48+
"modifiedSubIntegrityImpact": "NOT_DEFINED",
49+
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
50+
"Safety": "NOT_DEFINED",
51+
"Automatable": "NOT_DEFINED",
52+
"Recovery": "NOT_DEFINED",
53+
"valueDensity": "NOT_DEFINED",
54+
"vulnerabilityResponseEffort": "NOT_DEFINED",
55+
"providerUrgency": "NOT_DEFINED"
56+
}
57+
}
58+
],
59+
"cvssMetricV31": [
60+
{
61+
"source": "[email protected]",
62+
"type": "Primary",
63+
"cvssData": {
64+
"version": "3.1",
65+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
66+
"baseScore": 7.3,
67+
"baseSeverity": "HIGH",
68+
"attackVector": "NETWORK",
69+
"attackComplexity": "LOW",
70+
"privilegesRequired": "NONE",
71+
"userInteraction": "NONE",
72+
"scope": "UNCHANGED",
73+
"confidentialityImpact": "LOW",
74+
"integrityImpact": "LOW",
75+
"availabilityImpact": "LOW"
76+
},
77+
"exploitabilityScore": 3.9,
78+
"impactScore": 3.4
79+
}
80+
],
81+
"cvssMetricV2": [
82+
{
83+
"source": "[email protected]",
84+
"type": "Secondary",
85+
"cvssData": {
86+
"version": "2.0",
87+
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
88+
"baseScore": 7.5,
89+
"accessVector": "NETWORK",
90+
"accessComplexity": "LOW",
91+
"authentication": "NONE",
92+
"confidentialityImpact": "PARTIAL",
93+
"integrityImpact": "PARTIAL",
94+
"availabilityImpact": "PARTIAL"
95+
},
96+
"baseSeverity": "HIGH",
97+
"exploitabilityScore": 10.0,
98+
"impactScore": 6.4,
99+
"acInsufInfo": false,
100+
"obtainAllPrivilege": false,
101+
"obtainUserPrivilege": false,
102+
"obtainOtherPrivilege": false,
103+
"userInteractionRequired": false
104+
}
105+
]
106+
},
107+
"weaknesses": [
108+
{
109+
"source": "[email protected]",
110+
"type": "Primary",
111+
"description": [
112+
{
113+
"lang": "en",
114+
"value": "CWE-74"
115+
},
116+
{
117+
"lang": "en",
118+
"value": "CWE-89"
119+
}
120+
]
121+
}
122+
],
123+
"references": [
124+
{
125+
"url": "https://vuldb.com/?ctiid.299818",
126+
"source": "[email protected]"
127+
},
128+
{
129+
"url": "https://vuldb.com/?id.299818",
130+
"source": "[email protected]"
131+
},
132+
{
133+
"url": "https://vuldb.com/?submit.512793",
134+
"source": "[email protected]"
135+
}
136+
]
137+
}

CVE-2025/CVE-2025-23xx/CVE-2025-2352.json

Lines changed: 141 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,141 @@
1+
{
2+
"id": "CVE-2025-2352",
3+
"sourceIdentifier": "[email protected]",
4+
"published": "2025-03-16T23:15:47.890",
5+
"lastModified": "2025-03-16T23:15:47.890",
6+
"vulnStatus": "Received",
7+
"cveTags": [],
8+
"descriptions": [
9+
{
10+
"lang": "en",
11+
"value": "A vulnerability, which was classified as problematic, has been found in StarSea99 starsea-mall 1.0. This issue affects some unknown processing of the file /admin/indexConfigs/save of the component Backend. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
12+
}
13+
],
14+
"metrics": {
15+
"cvssMetricV40": [
16+
{
17+
"source": "[email protected]",
18+
"type": "Secondary",
19+
"cvssData": {
20+
"version": "4.0",
21+
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
22+
"baseScore": 4.8,
23+
"baseSeverity": "MEDIUM",
24+
"attackVector": "NETWORK",
25+
"attackComplexity": "LOW",
26+
"attackRequirements": "NONE",
27+
"privilegesRequired": "HIGH",
28+
"userInteraction": "PASSIVE",
29+
"vulnConfidentialityImpact": "NONE",
30+
"vulnIntegrityImpact": "LOW",
31+
"vulnAvailabilityImpact": "NONE",
32+
"subConfidentialityImpact": "NONE",
33+
"subIntegrityImpact": "NONE",
34+
"subAvailabilityImpact": "NONE",
35+
"exploitMaturity": "NOT_DEFINED",
36+
"confidentialityRequirement": "NOT_DEFINED",
37+
"integrityRequirement": "NOT_DEFINED",
38+
"availabilityRequirement": "NOT_DEFINED",
39+
"modifiedAttackVector": "NOT_DEFINED",
40+
"modifiedAttackComplexity": "NOT_DEFINED",
41+
"modifiedAttackRequirements": "NOT_DEFINED",
42+
"modifiedPrivilegesRequired": "NOT_DEFINED",
43+
"modifiedUserInteraction": "NOT_DEFINED",
44+
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
45+
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
46+
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
47+
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
48+
"modifiedSubIntegrityImpact": "NOT_DEFINED",
49+
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
50+
"Safety": "NOT_DEFINED",
51+
"Automatable": "NOT_DEFINED",
52+
"Recovery": "NOT_DEFINED",
53+
"valueDensity": "NOT_DEFINED",
54+
"vulnerabilityResponseEffort": "NOT_DEFINED",
55+
"providerUrgency": "NOT_DEFINED"
56+
}
57+
}
58+
],
59+
"cvssMetricV31": [
60+
{
61+
"source": "[email protected]",
62+
"type": "Primary",
63+
"cvssData": {
64+
"version": "3.1",
65+
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
66+
"baseScore": 2.4,
67+
"baseSeverity": "LOW",
68+
"attackVector": "NETWORK",
69+
"attackComplexity": "LOW",
70+
"privilegesRequired": "HIGH",
71+
"userInteraction": "REQUIRED",
72+
"scope": "UNCHANGED",
73+
"confidentialityImpact": "NONE",
74+
"integrityImpact": "LOW",
75+
"availabilityImpact": "NONE"
76+
},
77+
"exploitabilityScore": 0.9,
78+
"impactScore": 1.4
79+
}
80+
],
81+
"cvssMetricV2": [
82+
{
83+
"source": "[email protected]",
84+
"type": "Secondary",
85+
"cvssData": {
86+
"version": "2.0",
87+
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
88+
"baseScore": 3.3,
89+
"accessVector": "NETWORK",
90+
"accessComplexity": "LOW",
91+
"authentication": "MULTIPLE",
92+
"confidentialityImpact": "NONE",
93+
"integrityImpact": "PARTIAL",
94+
"availabilityImpact": "NONE"
95+
},
96+
"baseSeverity": "LOW",
97+
"exploitabilityScore": 6.4,
98+
"impactScore": 2.9,
99+
"acInsufInfo": false,
100+
"obtainAllPrivilege": false,
101+
"obtainUserPrivilege": false,
102+
"obtainOtherPrivilege": false,
103+
"userInteractionRequired": false
104+
}
105+
]
106+
},
107+
"weaknesses": [
108+
{
109+
"source": "[email protected]",
110+
"type": "Primary",
111+
"description": [
112+
{
113+
"lang": "en",
114+
"value": "CWE-79"
115+
},
116+
{
117+
"lang": "en",
118+
"value": "CWE-94"
119+
}
120+
]
121+
}
122+
],
123+
"references": [
124+
{
125+
"url": "https://github.com/Jingyi-u/starsea-mall/tree/main",
126+
"source": "[email protected]"
127+
},
128+
{
129+
"url": "https://vuldb.com/?ctiid.299819",
130+
"source": "[email protected]"
131+
},
132+
{
133+
"url": "https://vuldb.com/?id.299819",
134+
"source": "[email protected]"
135+
},
136+
{
137+
"url": "https://vuldb.com/?submit.513137",
138+
"source": "[email protected]"
139+
}
140+
]
141+
}

0 commit comments

Comments
 (0)