Advisory Database Sync

Author: advisory-database[bot]

advisories/unreviewed/2026/02/GHSA-34qg-fch7-c5r6/GHSA-34qg-fch7-c5r6.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-34qg-fch7-c5r6",
+  "modified": "2026-02-01T15:32:31Z",
+  "published": "2026-02-01T15:32:30Z",
+  "aliases": [
+    "CVE-2021-47914"
+  ],
+  "details": "PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47914"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.phpsugar.com/blog/2021/09/php-melody-3-0-vulnerability-report-fix"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.phpsugar.com/phpmelody.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/php-melody-persistent-xss-vulnerability-via-edit-video-parameter"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2292"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T13:15:55Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-4c7c-97vp-w235/GHSA-4c7c-97vp-w235.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4c7c-97vp-w235",
+  "modified": "2026-02-01T15:32:31Z",
+  "published": "2026-02-01T15:32:31Z",
+  "aliases": [
+    "CVE-2023-54343"
+  ],
+  "details": "QWE DL 2.0.1 mobile web application contains a persistent input validation vulnerability allowing remote attackers to inject malicious script code through path parameter manipulation. Attackers can exploit the vulnerability to execute persistent cross-site scripting attacks, potentially leading to session hijacking and application module manipulation.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-54343"
+    },
+    {
+      "type": "WEB",
+      "url": "https://apps.apple.com/us/app/qwe/id935520103"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/qwe-dl-persistent-xss-vulnerability-via-path-parameter"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2326"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T13:15:58Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5m25-34q2-5599/GHSA-5m25-34q2-5599.json

@@ -0,0 +1,52 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5m25-34q2-5599",
+  "modified": "2026-02-01T15:32:30Z",
+  "published": "2026-02-01T15:32:30Z",
+  "aliases": [
+    "CVE-2021-47911"
+  ],
+  "details": "Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47911"
+    },
+    {
+      "type": "WEB",
+      "url": "https://codecanyon.net/item/affiliate-pro-affiliate-management-system/12908496"
+    },
+    {
+      "type": "WEB",
+      "url": "https://jdwebdesigner.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/affiliate-pro-reflected-cross-site-scripting-via-index-module"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2281"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T13:15:55Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5p8g-6vrq-jcmp/GHSA-5p8g-6vrq-jcmp.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5p8g-6vrq-jcmp",
+  "modified": "2026-02-01T15:32:31Z",
+  "published": "2026-02-01T15:32:31Z",
+  "aliases": [
+    "CVE-2022-50950"
+  ],
+  "details": "Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-50950"
+    },
+    {
+      "type": "WEB",
+      "url": "https://play.google.com/store/apps/details?id=com.techprd.filetransfer&hl=en_US"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/webile-directory-traversal-vulnerability-via-web-application"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2320"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T13:15:57Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-5w42-2fm6-qvmc/GHSA-5w42-2fm6-qvmc.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-5w42-2fm6-qvmc",
+  "modified": "2026-02-01T15:32:30Z",
+  "published": "2026-02-01T15:32:30Z",
+  "aliases": [
+    "CVE-2021-47916"
+  ],
+  "details": "Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-47916"
+    },
+    {
+      "type": "WEB",
+      "url": "https://simplephpscripts.com/simple-cms-php"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/simple-cms-sql-injection-vulnerability-via-users-module"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulnerability-lab.com/get_content.php?id=2303"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T13:15:55Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6hrv-vgx8-q9xm/GHSA-6hrv-vgx8-q9xm.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6hrv-vgx8-q9xm",
+  "modified": "2026-02-01T15:32:31Z",
+  "published": "2026-02-01T15:32:31Z",
+  "aliases": [
+    "CVE-2020-37063"
+  ],
+  "details": "TFTP Turbo 4.6.1273 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with LocalSystem permissions.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37063"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48085"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/tftp-turbo-tftp-turbo-unquoted-service-path"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.weird-solutions.com"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T15:16:04Z"
+  }
+}

advisories/unreviewed/2026/02/GHSA-6q9f-h462-2vqv/GHSA-6q9f-h462-2vqv.json

@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-6q9f-h462-2vqv",
+  "modified": "2026-02-01T15:32:31Z",
+  "published": "2026-02-01T15:32:31Z",
+  "aliases": [
+    "CVE-2020-37048"
+  ],
+  "details": "Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-37048"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.exploit-db.com/exploits/48171"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.iskysoft.us"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vulncheck.com/advisories/iskysoft-application-framework-service-isappservice-unquoted-service-path"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-428"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2026-02-01T15:16:03Z"
+  }
+}