Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/03/GHSA-2w6q-cfjg-6mjp/GHSA-2w6q-cfjg-6mjp.json

@@ -0,0 +1,44 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-2w6q-cfjg-6mjp",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2026-4809"
+  ],
+  "details": "plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling. In that configuration, a remote attacker can submit a file containing executable PHP code while declaring a benign image MIME type, resulting in arbitrary file upload. If the uploaded file is stored in a web-accessible and executable location, this may lead to remote code execution. At the time of publication, no patch was available and the vendor had not responded to coordinated disclosure attempts.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4809"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/plank/laravel-mediable"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/plank/laravel-mediable/releases/tag/6.4.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-434"
+    ],
+    "severity": "CRITICAL",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T11:16:21Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-3rcm-5vqm-53w6/GHSA-3rcm-5vqm-53w6.json

@@ -0,0 +1,49 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-3rcm-5vqm-53w6",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2026-23397"
+  ],
+  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfnetlink_osf: validate individual option lengths in fingerprints\n\nnfnl_osf_add_callback() validates opt_num bounds and string\nNUL-termination but does not check individual option length fields.\nA zero-length option causes nf_osf_match_one() to enter the option\nmatching loop even when foptsize sums to zero, which matches packets\nwith no TCP options where ctx->optp is NULL:\n\n Oops: general protection fault\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n RIP: 0010:nf_osf_match_one (net/netfilter/nfnetlink_osf.c:98)\n Call Trace:\n  nf_osf_match (net/netfilter/nfnetlink_osf.c:227)\n  xt_osf_match_packet (net/netfilter/xt_osf.c:32)\n  ipt_do_table (net/ipv4/netfilter/ip_tables.c:293)\n  nf_hook_slow (net/netfilter/core.c:623)\n  ip_local_deliver (net/ipv4/ip_input.c:262)\n  ip_rcv (net/ipv4/ip_input.c:573)\n\nAdditionally, an MSS option (kind=2) with length < 4 causes\nout-of-bounds reads when nf_osf_match_one() unconditionally accesses\noptp[2] and optp[3] for MSS value extraction.  While RFC 9293\nsection 3.2 specifies that the MSS option is always exactly 4\nbytes (Kind=2, Length=4), the check uses \"< 4\" rather than\n\"!= 4\" because lengths greater than 4 do not cause memory\nsafety issues -- the buffer is guaranteed to be at least\nfoptsize bytes by the ctx->optsize == foptsize check.\n\nReject fingerprints where any option has zero length, or where an MSS\noption has length less than 4, at add time rather than trusting these\nvalues in the packet matching hot path.",
+  "severity": [],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23397"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/224f4678812e1a7bc8341bcb666773a0aec5ea6f"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/3932620c04c2938c93c0890c225960d3d34ba355"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/4c6aa008b913e808c4f4d3cde36cb1d9bb5967c6"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/aa0574182c46963c3cdb8cde46ec93aca21100d8"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/dbdfaae9609629a9569362e3b8f33d0a20fd783c"
+    },
+    {
+      "type": "WEB",
+      "url": "https://git.kernel.org/stable/c/ec8bf0571b142f29dc0b68ae2ac3952f7a464b38"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [],
+    "severity": null,
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T11:16:19Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-46v5-gpch-77vw/GHSA-46v5-gpch-77vw.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-46v5-gpch-77vw",
-  "modified": "2026-03-25T15:31:28Z",
+  "modified": "2026-03-26T12:30:29Z",
   "published": "2026-03-25T15:31:28Z",
   "aliases": [
     "CVE-2026-4760"

advisories/unreviewed/2026/03/GHSA-4cp9-9rmg-ph8j/GHSA-4cp9-9rmg-ph8j.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4cp9-9rmg-ph8j",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2018-25203"
+  ],
+  "details": "Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25203"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/44719"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/online-store-system-cms-sql-injection-via-clientaccess"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T12:16:05Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-4j5p-2cxc-9j9x/GHSA-4j5p-2cxc-9j9x.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4j5p-2cxc-9j9x",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2018-25185"
+  ],
+  "details": "Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25185"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/44730"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/wecodex-restaurant-cms-sql-injection-via-login"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T12:16:04Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-68mg-9jq3-6jrc/GHSA-68mg-9jq3-6jrc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-68mg-9jq3-6jrc",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2018-25204"
+  ],
+  "details": "Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username field to manipulate database queries and gain unauthorized access.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25204"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/44728"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/library-cms-sql-injection-via-admin-login"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T12:16:05Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-6w6g-wxwv-2274/GHSA-6w6g-wxwv-2274.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6w6g-wxwv-2274",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2018-25207"
+  ],
+  "details": "Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25207"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/45323"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.hscripts.com/scripts/php/quiz-maker.php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/online-quiz-maker-sql-injection-via-catid-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T12:16:05Z"
+  }
+}

advisories/unreviewed/2026/03/GHSA-85vx-gmj9-6wff/GHSA-85vx-gmj9-6wff.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-85vx-gmj9-6wff",
+  "modified": "2026-03-26T12:30:29Z",
+  "published": "2026-03-26T12:30:29Z",
+  "aliases": [
+    "CVE-2018-25209"
+  ],
+  "details": "OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract sensitive database information or bypass authentication.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25209"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/bigchef"
+    },
+    {
+      "type": "WEB",
+      "url": "https://sourceforge.net/projects/bigchef/files/latest/download"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/45801"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/openbiz-cubi-lite-sql-injection-via-username-parameter"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-03-26T12:16:06Z"
+  }
+}