Skip to content

Commit c56a50c

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-2m22-876p-4x3q GHSA-45v9-xmmj-rxgq GHSA-fxmv-6cv3-5qrj GHSA-jc2v-rvhq-xq4w
1 parent 745da21 commit c56a50c

File tree

4 files changed

+224
-0
lines changed

4 files changed

+224
-0
lines changed

advisories/unreviewed/2026/03/GHSA-2m22-876p-4x3q/GHSA-2m22-876p-4x3q.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-2m22-876p-4x3q",
4+
"modified": "2026-03-29T00:31:04Z",
5+
"published": "2026-03-29T00:31:04Z",
6+
"aliases": [
7+
"CVE-2026-5019"
8+
],
9+
"details": "A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5019"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/6Justdododo6/CVE/issues/17"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/779341"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353904"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/353904/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-29T00:16:13Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-45v9-xmmj-rxgq/GHSA-45v9-xmmj-rxgq.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-45v9-xmmj-rxgq",
4+
"modified": "2026-03-29T00:31:04Z",
5+
"published": "2026-03-29T00:31:04Z",
6+
"aliases": [
7+
"CVE-2026-5016"
8+
],
9+
"details": "A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5016"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/elecV2/elecV2P/issues/202"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://github.com/elecV2/elecV2P"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/779181"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353901"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/353901/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-918"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-28T22:15:58Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-fxmv-6cv3-5qrj/GHSA-fxmv-6cv3-5qrj.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-fxmv-6cv3-5qrj",
4+
"modified": "2026-03-29T00:31:04Z",
5+
"published": "2026-03-29T00:31:04Z",
6+
"aliases": [
7+
"CVE-2026-5018"
8+
],
9+
"details": "A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5018"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/6Justdododo6/CVE/issues/16"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/779336"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353903"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/353903/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-28T23:16:44Z"
55+
}
56+
}

advisories/unreviewed/2026/03/GHSA-jc2v-rvhq-xq4w/GHSA-jc2v-rvhq-xq4w.json

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,56 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-jc2v-rvhq-xq4w",
4+
"modified": "2026-03-29T00:31:04Z",
5+
"published": "2026-03-29T00:31:04Z",
6+
"aliases": [
7+
"CVE-2026-5017"
8+
],
9+
"details": "A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
14+
},
15+
{
16+
"type": "CVSS_V4",
17+
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
18+
}
19+
],
20+
"affected": [],
21+
"references": [
22+
{
23+
"type": "ADVISORY",
24+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5017"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://github.com/6Justdododo6/CVE/issues/15"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://code-projects.org"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://vuldb.com/submit/779331"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://vuldb.com/vuln/353902"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://vuldb.com/vuln/353902/cti"
45+
}
46+
],
47+
"database_specific": {
48+
"cwe_ids": [
49+
"CWE-74"
50+
],
51+
"severity": "MODERATE",
52+
"github_reviewed": false,
53+
"github_reviewed_at": null,
54+
"nvd_published_at": "2026-03-28T23:16:43Z"
55+
}
56+
}

0 commit comments

Comments
 (0)