Publish Advisories

GHSA-47j9-66rr-f39p GHSA-vv5g-xq9c-77w7
github · Oct 12, 2024 · b843455 · b843455
1 parent 58f5edd
commit b843455
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 0 deletions.
diff --git a/advisories/unreviewed/2024/10/GHSA-47j9-66rr-f39p/GHSA-47j9-66rr-f39p.json b/advisories/unreviewed/2024/10/GHSA-47j9-66rr-f39p/GHSA-47j9-66rr-f39p.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-47j9-66rr-f39p",
+  "modified": "2024-10-12T15:30:42Z",
+  "published": "2024-10-12T15:30:42Z",
+  "aliases": [
+    "CVE-2024-9894"
+  ],
+  "details": "A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9894"
+    },
+    {
+      "type": "WEB",
+      "url": "https://code-projects.org"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/siyuancn-hub/cve/blob/main/sql7-.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.280164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.280164"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.422189"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-10-12T13:15:13Z"
+  }
+}
diff --git a/advisories/unreviewed/2024/10/GHSA-vv5g-xq9c-77w7/GHSA-vv5g-xq9c-77w7.json b/advisories/unreviewed/2024/10/GHSA-vv5g-xq9c-77w7/GHSA-vv5g-xq9c-77w7.json
@@ -0,0 +1,43 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-vv5g-xq9c-77w7",
+  "modified": "2024-10-12T15:30:42Z",
+  "published": "2024-10-12T15:30:42Z",
+  "aliases": [
+    "CVE-2024-49193"
+  ],
+  "details": "Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing, because Cc fields are extracted from incoming e-mail messages and used to grant additional authorization for ticket viewing, the mechanism for detecting spoofed e-mail messages is insufficient, and the support e-mail addresses associated with individual tickets are predictable.",
+  "severity": [
+
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-49193"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52"
+    },
+    {
+      "type": "WEB",
+      "url": "https://news.ycombinator.com/item?id=41818459"
+    },
+    {
+      "type": "WEB",
+      "url": "https://x.com/hackermondev/status/1844877950698537323"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+
+    ],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-10-12T14:15:02Z"
+  }
+}