Search criteria
2 vulnerabilities found for SelectCours by rahman
CVE-2024-2064 (GCVE-0-2024-2064)
Vulnerability from nvd – Published: 2024-03-01 14:00 – Updated: 2024-08-01 19:03
VLAI?
Title
rahman SelectCours Template CacheController.java getCacheNames injection
Summary
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-74 - Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rahman | SelectCours |
Affected:
1.0
|
Credits
andries (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rahman:selectcours:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "selectcours",
"vendor": "rahman",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2064",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T19:18:49.524751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:46:13.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.255379"
},
{
"name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.255379"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Template Handler"
],
"product": "SelectCours",
"vendor": "rahman",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "andries (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379."
},
{
"lang": "de",
"value": "In rahman SelectCours 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion getCacheNames der Datei CacheController.java der Komponente Template Handler. Durch die Manipulation des Arguments fragment mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T14:00:08.305Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.255379"
},
{
"name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.255379"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-01T08:03:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "rahman SelectCours Template CacheController.java getCacheNames injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2064",
"datePublished": "2024-03-01T14:00:08.305Z",
"dateReserved": "2024-03-01T06:57:53.523Z",
"dateUpdated": "2024-08-01T19:03:38.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-2064 (GCVE-0-2024-2064)
Vulnerability from cvelistv5 – Published: 2024-03-01 14:00 – Updated: 2024-08-01 19:03
VLAI?
Title
rahman SelectCours Template CacheController.java getCacheNames injection
Summary
A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.
Severity ?
4.3 (Medium)
4.3 (Medium)
CWE
- CWE-74 - Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| rahman | SelectCours |
Affected:
1.0
|
Credits
andries (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:rahman:selectcours:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "selectcours",
"vendor": "rahman",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-2064",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-22T19:18:49.524751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-23T20:46:13.713Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:38.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.255379"
},
{
"name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.255379"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Template Handler"
],
"product": "SelectCours",
"vendor": "rahman",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "andries (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379."
},
{
"lang": "de",
"value": "In rahman SelectCours 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion getCacheNames der Datei CacheController.java der Komponente Template Handler. Durch die Manipulation des Arguments fragment mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74 Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-01T14:00:08.305Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.255379"
},
{
"name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.255379"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-03-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-03-01T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-03-01T08:03:02.000Z",
"value": "VulDB entry last update"
}
],
"title": "rahman SelectCours Template CacheController.java getCacheNames injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-2064",
"datePublished": "2024-03-01T14:00:08.305Z",
"dateReserved": "2024-03-01T06:57:53.523Z",
"dateUpdated": "2024-08-01T19:03:38.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}