Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for secret-coder-php-project by keerti1924

    CVE-2024-2355 (GCVE-0-2024-2355)

    Vulnerability from nvd – Published: 2024-03-10 11:31 – Updated: 2024-08-01 19:11
    VLAI
    Title
    keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code
    Summary
    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    References
    Impacted products
    Vendor Product Version
    keerti1924 Secret-Coder-PHP-Project Affected: 1.0
    Create a notification for this product.
    keerti1924 secret-coder-php-project Affected: 1.0
        cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    reiginald (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "secret-coder-php-project",
                "vendor": "keerti1924",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2355",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T13:56:55.085444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T15:55:21.019Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-256315 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.256315"
              },
              {
                "name": "VDB-256315 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.256315"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Secret-Coder-PHP-Project",
              "vendor": "keerti1924",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "reiginald (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In keerti1924 Secret-Coder-PHP-Project 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /secret_coder.sql. Durch Manipulation mit unbekannten Daten kann eine inclusion of sensitive information in source code-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-10T11:31:04.250Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-256315 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.256315"
            },
            {
              "name": "VDB-256315 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.256315"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-09T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-09T18:07:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2355",
        "datePublished": "2024-03-10T11:31:04.250Z",
        "dateReserved": "2024-03-09T17:01:20.885Z",
        "dateUpdated": "2024-08-01T19:11:53.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2266 (GCVE-0-2024-2266)

    Vulnerability from nvd – Published: 2024-03-07 21:31 – Updated: 2024-08-12 13:58
    VLAI
    Title
    keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting
    Summary
    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.256036 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.256036 signaturepermissions-required
    https://github.com/smurf-reigz/security/blob/main… exploit
    Impacted products
    Vendor Product Version
    keerti1924 Secret-Coder-PHP-Project Affected: 1.0
    Create a notification for this product.
    keerti1924 secret-coder-php-project Affected: 1.0
        cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    reiginald (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-256036 | keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.256036"
              },
              {
                "name": "VDB-256036 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.256036"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20XSS%5D%20on%20login.php%20via%20arbitrary%20cookies.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "secret-coder-php-project",
                "vendor": "keerti1924",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2266",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:11:03.839059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:58:37.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Login Page"
              ],
              "product": "Secret-Coder-PHP-Project",
              "vendor": "keerti1924",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "reiginald (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In keerti1924 Secret-Coder-PHP-Project 1.0 wurde eine problematische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /login.php der Komponente Login Page. Dank der Manipulation des Arguments emailcookie/passwordcookie mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-07T21:31:06.425Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-256036 | keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.256036"
            },
            {
              "name": "VDB-256036 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.256036"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20XSS%5D%20on%20login.php%20via%20arbitrary%20cookies.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-07T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-07T15:39:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2266",
        "datePublished": "2024-03-07T21:31:06.425Z",
        "dateReserved": "2024-03-07T14:34:28.577Z",
        "dateUpdated": "2024-08-12T13:58:37.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2355 (GCVE-0-2024-2355)

    Vulnerability from cvelistv5 – Published: 2024-03-10 11:31 – Updated: 2024-08-01 19:11
    VLAI
    Title
    keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code
    Summary
    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-540 - Inclusion of Sensitive Information in Source Code
    Assigner
    References
    Impacted products
    Vendor Product Version
    keerti1924 Secret-Coder-PHP-Project Affected: 1.0
    Create a notification for this product.
    keerti1924 secret-coder-php-project Affected: 1.0
        cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    reiginald (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "secret-coder-php-project",
                "vendor": "keerti1924",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2355",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T13:56:55.085444Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T15:55:21.019Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:11:53.373Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-256315 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.256315"
              },
              {
                "name": "VDB-256315 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.256315"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Secret-Coder-PHP-Project",
              "vendor": "keerti1924",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "reiginald (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In keerti1924 Secret-Coder-PHP-Project 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /secret_coder.sql. Durch Manipulation mit unbekannten Daten kann eine inclusion of sensitive information in source code-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 2.6,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-540",
                  "description": "CWE-540 Inclusion of Sensitive Information in Source Code",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-10T11:31:04.250Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-256315 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.256315"
            },
            {
              "name": "VDB-256315 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.256315"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-09T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-09T18:07:07.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2355",
        "datePublished": "2024-03-10T11:31:04.250Z",
        "dateReserved": "2024-03-09T17:01:20.885Z",
        "dateUpdated": "2024-08-01T19:11:53.373Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-2266 (GCVE-0-2024-2266)

    Vulnerability from cvelistv5 – Published: 2024-03-07 21:31 – Updated: 2024-08-12 13:58
    VLAI
    Title
    keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting
    Summary
    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross Site Scripting
    Assigner
    References
    URL Tags
    https://vuldb.com/?id.256036 vdb-entrytechnical-description
    https://vuldb.com/?ctiid.256036 signaturepermissions-required
    https://github.com/smurf-reigz/security/blob/main… exploit
    Impacted products
    Vendor Product Version
    keerti1924 Secret-Coder-PHP-Project Affected: 1.0
    Create a notification for this product.
    keerti1924 secret-coder-php-project Affected: 1.0
        cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    reiginald (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T19:03:39.457Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VDB-256036 | keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting",
                "tags": [
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.256036"
              },
              {
                "name": "VDB-256036 | CTI Indicators (IOB, IOC, TTP, IOA)",
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.256036"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20XSS%5D%20on%20login.php%20via%20arbitrary%20cookies.md"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:keerti1924:secret-coder-php-project:1.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "secret-coder-php-project",
                "vendor": "keerti1924",
                "versions": [
                  {
                    "status": "affected",
                    "version": "1.0"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-2266",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T18:11:03.839059Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-12T13:58:37.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "Login Page"
              ],
              "product": "Secret-Coder-PHP-Project",
              "vendor": "keerti1924",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "reiginald (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
            },
            {
              "lang": "de",
              "value": "In keerti1924 Secret-Coder-PHP-Project 1.0 wurde eine problematische Schwachstelle gefunden. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei /login.php der Komponente Login Page. Dank der Manipulation des Arguments emailcookie/passwordcookie mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-07T21:31:06.425Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-256036 | keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/?id.256036"
            },
            {
              "name": "VDB-256036 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.256036"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20XSS%5D%20on%20login.php%20via%20arbitrary%20cookies.md"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-03-07T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-03-07T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-03-07T15:39:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-2266",
        "datePublished": "2024-03-07T21:31:06.425Z",
        "dateReserved": "2024-03-07T14:34:28.577Z",
        "dateUpdated": "2024-08-12T13:58:37.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }