Skip to content

Commit abf4d54

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-222g-2jc9-rv88 GHSA-462x-7r4x-p5hx GHSA-83wr-rv9q-94cx
1 parent 2e59245 commit abf4d54

File tree

3 files changed

+172
-0
lines changed

3 files changed

+172
-0
lines changed

advisories/unreviewed/2025/11/GHSA-222g-2jc9-rv88/GHSA-222g-2jc9-rv88.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-222g-2jc9-rv88",
4+
"modified": "2025-11-16T03:30:25Z",
5+
"published": "2025-11-16T03:30:25Z",
6+
"aliases": [
7+
"CVE-2025-13233"
8+
],
9+
"details": "A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13233"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/3169417664/cve/issues/2"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.332559"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.332559"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.686683"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-16T03:15:58Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-462x-7r4x-p5hx/GHSA-462x-7r4x-p5hx.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-462x-7r4x-p5hx",
4+
"modified": "2025-11-16T03:30:25Z",
5+
"published": "2025-11-16T03:30:25Z",
6+
"aliases": [
7+
"CVE-2025-13232"
8+
],
9+
"details": "A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to version r1945 is recommended to address this issue. Patch name: 334da1ea39cb12f6b6e98dd2f80bb033e0c7b845. It is advisable to upgrade the affected component.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13232"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/projectsend/projectsend/pull/1450"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/projectsend/projectsend/commit/334da1ea39cb12f6b6e98dd2f80bb033e0c7b845"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://github.com/projectsend/projectsend/releases/tag/r1945"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?ctiid.332558"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?id.332558"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.686533"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-79"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2025-11-16T01:15:42Z"
59+
}
60+
}

advisories/unreviewed/2025/11/GHSA-83wr-rv9q-94cx/GHSA-83wr-rv9q-94cx.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-83wr-rv9q-94cx",
4+
"modified": "2025-11-16T03:30:25Z",
5+
"published": "2025-11-16T03:30:25Z",
6+
"aliases": [
7+
"CVE-2025-13234"
8+
],
9+
"details": "A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13234"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/pip-in-head/lulucat-VD/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://itsourcecode.com"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.332560"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.332560"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.686698"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-16T03:15:59Z"
55+
}
56+
}

0 commit comments

Comments
 (0)