🤖 NVD update at 2025-01-02T04:45:50+0000

2024/CVE-2024-56829.json

@@ -0,0 +1,56 @@
+{
+    "id": "CVE-2024-56829",
+    "sourceIdentifier": "[email protected]",
+    "published": "2025-01-02T04:15:05.557",
+    "lastModified": "2025-01-02T04:15:05.557",
+    "vulnStatus": "Received",
+    "cveTags": [],
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx."
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "[email protected]",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+                    "baseScore": 10.0,
+                    "baseSeverity": "CRITICAL",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "NONE",
+                    "userInteraction": "NONE",
+                    "scope": "CHANGED",
+                    "confidentialityImpact": "HIGH",
+                    "integrityImpact": "HIGH",
+                    "availabilityImpact": "HIGH"
+                },
+                "exploitabilityScore": 3.9,
+                "impactScore": 6.0
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "[email protected]",
+            "type": "Secondary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-434"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://github.com/Zerone0x00/CVE/blob/main/%E9%BB%84%E8%8D%AF%E5%B8%88%E8%8D%AF%E4%B8%9A%E7%AE%A1%E7%90%86%E8%BD%AF%E4%BB%B6/UploadFile%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0.md",
+            "source": "[email protected]"
+        }
+    ]
+}

2025/CVE-2025-22214.json

@@ -0,0 +1,56 @@
+{
+    "id": "CVE-2025-22214",
+    "sourceIdentifier": "[email protected]",
+    "published": "2025-01-02T04:15:06.277",
+    "lastModified": "2025-01-02T04:15:06.277",
+    "vulnStatus": "Received",
+    "cveTags": [],
+    "descriptions": [
+        {
+            "lang": "en",
+            "value": "Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection."
+        }
+    ],
+    "metrics": {
+        "cvssMetricV31": [
+            {
+                "source": "[email protected]",
+                "type": "Secondary",
+                "cvssData": {
+                    "version": "3.1",
+                    "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+                    "baseScore": 4.3,
+                    "baseSeverity": "MEDIUM",
+                    "attackVector": "NETWORK",
+                    "attackComplexity": "LOW",
+                    "privilegesRequired": "LOW",
+                    "userInteraction": "NONE",
+                    "scope": "UNCHANGED",
+                    "confidentialityImpact": "LOW",
+                    "integrityImpact": "NONE",
+                    "availabilityImpact": "NONE"
+                },
+                "exploitabilityScore": 2.8,
+                "impactScore": 1.4
+            }
+        ]
+    },
+    "weaknesses": [
+        {
+            "source": "[email protected]",
+            "type": "Secondary",
+            "description": [
+                {
+                    "lang": "en",
+                    "value": "CWE-89"
+                }
+            ]
+        }
+    ],
+    "references": [
+        {
+            "url": "https://github.com/Zerone0x00/CVE/blob/main/%E8%93%9D%E5%87%8CEISsql%E6%B3%A8%E5%85%A5/1.md",
+            "source": "[email protected]"
+        }
+    ]
+}