Skip to content

Commit 6aca6e6

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-5558-mmq3-572w GHSA-9v8h-2rmp-52m8 GHSA-h9p3-57f6-xpmg GHSA-wm69-gq95-wfj3
1 parent e9bf418 commit 6aca6e6

File tree

4 files changed

+224
-0
lines changed

4 files changed

+224
-0
lines changed

advisories/unreviewed/2025/01/GHSA-5558-mmq3-572w/GHSA-5558-mmq3-572w.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-5558-mmq3-572w",
4+
"modified": "2025-01-30T03:30:50Z",
5+
"published": "2025-01-30T03:30:50Z",
6+
"aliases": [
7+
"CVE-2025-0847"
8+
],
9+
"details": "A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0847"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/onupset/CVE/issues/5"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://1000projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.294010"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.294010"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.485762"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-01-30T02:15:25Z"
55+
}
56+
}

advisories/unreviewed/2025/01/GHSA-9v8h-2rmp-52m8/GHSA-9v8h-2rmp-52m8.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-9v8h-2rmp-52m8",
4+
"modified": "2025-01-30T03:30:50Z",
5+
"published": "2025-01-30T03:30:50Z",
6+
"aliases": [
7+
"CVE-2025-0846"
8+
],
9+
"details": "A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0846"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/onupset/CVE/issues/4"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://1000projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.294009"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.294009"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.485756"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-01-30T01:15:13Z"
55+
}
56+
}

advisories/unreviewed/2025/01/GHSA-h9p3-57f6-xpmg/GHSA-h9p3-57f6-xpmg.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-h9p3-57f6-xpmg",
4+
"modified": "2025-01-30T03:30:51Z",
5+
"published": "2025-01-30T03:30:51Z",
6+
"aliases": [
7+
"CVE-2025-0849"
8+
],
9+
"details": "A vulnerability classified as critical has been found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /edit-staff/ of the component Staff Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0849"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/KhukuriRimal/Vulnerabilities/blob/main/Sensitive%20Super%20Admin%20Data%20Exposure%20and%20Unauthorized%20Data%20Update%20via%20IDOR%20(Teacher%20Role%20to%20Super%20Admin%20Role).pdf"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.294012"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.294012"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.487618"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.campcodes.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-266"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-01-30T02:15:25Z"
55+
}
56+
}

advisories/unreviewed/2025/01/GHSA-wm69-gq95-wfj3/GHSA-wm69-gq95-wfj3.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-wm69-gq95-wfj3",
4+
"modified": "2025-01-30T03:30:51Z",
5+
"published": "2025-01-30T03:30:51Z",
6+
"aliases": [
7+
"CVE-2025-0848"
8+
],
9+
"details": "A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Request Handler. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0848"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/alc9700jmo/CVE/issues/9"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.294011"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.294011"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.485802"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.tenda.com.cn"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-119"
50+
],
51+
"severity": "HIGH",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-01-30T02:15:25Z"
55+
}
56+
}

0 commit comments

Comments
 (0)