Skip to content

Commit beb02d9

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-522x-2462-3pxx GHSA-86pf-28q5-qxm4 GHSA-m2pp-mr82-c5hc GHSA-rqrg-p9q5-9h2f GHSA-v78c-9crg-6v9m
1 parent 8972723 commit beb02d9

File tree

5 files changed

+284
-0
lines changed

5 files changed

+284
-0
lines changed

advisories/unreviewed/2025/11/GHSA-522x-2462-3pxx/GHSA-522x-2462-3pxx.json

Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-522x-2462-3pxx",
4+
"modified": "2025-11-15T18:30:26Z",
5+
"published": "2025-11-15T18:30:26Z",
6+
"aliases": [
7+
"CVE-2025-13208"
8+
],
9+
"details": "A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13208"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/naixiao/CVE/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/naixiao/CVE/issues/2"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.332527"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.332527"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.685620"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://vuldb.com/?submit.685622"
49+
}
50+
],
51+
"database_specific": {
52+
"cwe_ids": [
53+
"CWE-74"
54+
],
55+
"severity": "MODERATE",
56+
"github_reviewed": false,
57+
"github_reviewed_at": null,
58+
"nvd_published_at": "2025-11-15T18:15:44Z"
59+
}
60+
}

advisories/unreviewed/2025/11/GHSA-86pf-28q5-qxm4/GHSA-86pf-28q5-qxm4.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-86pf-28q5-qxm4",
4+
"modified": "2025-11-15T18:30:26Z",
5+
"published": "2025-11-15T18:30:26Z",
6+
"aliases": [
7+
"CVE-2025-13202"
8+
],
9+
"details": "A security flaw has been discovered in code-projects Simple Cafe Ordering System 1.0. This affects an unknown part of the file /add_to_cart. Performing manipulation of the argument product_name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13202"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/shenxianyuguitian/cafeorder_vuln_XSS/blob/main/README.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.332500"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.332500"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.685729"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-79"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-15T17:15:42Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-m2pp-mr82-c5hc/GHSA-m2pp-mr82-c5hc.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-m2pp-mr82-c5hc",
4+
"modified": "2025-11-15T18:30:26Z",
5+
"published": "2025-11-15T18:30:26Z",
6+
"aliases": [
7+
"CVE-2025-13201"
8+
],
9+
"details": "A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13201"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://code-projects.org"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/shenxianyuguitian/cafeorder_vuln_SQL/blob/main/README.md"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.332499"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.332499"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.685619"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-15T16:15:43Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-rqrg-p9q5-9h2f/GHSA-rqrg-p9q5-9h2f.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-rqrg-p9q5-9h2f",
4+
"modified": "2025-11-15T18:30:26Z",
5+
"published": "2025-11-15T18:30:26Z",
6+
"aliases": [
7+
"CVE-2025-13203"
8+
],
9+
"details": "A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. This vulnerability affects unknown code of the file /addmem.php. Executing manipulation of the argument studentnum can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13203"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/JasonCyberYu/SimpleCafe/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?ctiid.332501"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?id.332501"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/?submit.686708"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-15T18:15:43Z"
55+
}
56+
}

advisories/unreviewed/2025/11/GHSA-v78c-9crg-6v9m/GHSA-v78c-9crg-6v9m.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-v78c-9crg-6v9m",
4+
"modified": "2025-11-15T18:30:26Z",
5+
"published": "2025-11-15T18:30:26Z",
6+
"aliases": [
7+
"CVE-2025-13200"
8+
],
9+
"details": "A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13200"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/Shaker-Chen/cve/issues/1"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://vuldb.com/?ctiid.332498"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/?id.332498"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/?submit.685615"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://www.sourcecodester.com"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-548"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2025-11-15T16:15:43Z"
55+
}
56+
}

0 commit comments

Comments
 (0)