{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-2064", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-03-01T06:57:53.523Z", "datePublished": "2024-03-01T14:00:08.305Z", "dateUpdated": "2024-03-01T14:00:08.305Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-03-01T14:00:08.305Z"}, "title": "rahman SelectCours Template CacheController.java getCacheNames injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "CWE-74 Injection"}]}], "affected": [{"vendor": "rahman", "product": "SelectCours", "versions": [{"version": "1.0", "status": "affected"}], "modules": ["Template Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379."}, {"lang": "de", "value": "In rahman SelectCours 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Hierbei betrifft es die Funktion getCacheNames der Datei CacheController.java der Komponente Template Handler. Durch die Manipulation des Arguments fragment mit unbekannten Daten kann eine injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-03-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-03-01T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-03-01T08:03:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "andries (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.255379", "name": "VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.255379", "name": "VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md", "tags": ["exploit"]}]}}}

{"descriptions": [{"lang": "en", "value": "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en rahman SelectCours 1.0 y clasificada como problem\u00e1tica. La funci\u00f3n getCacheNames del archivo CacheController.java del componente Template Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del fragmento de argumento conduce a la inyecci\u00f3n. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-255379."}], "id": "CVE-2024-2064", "lastModified": "2024-05-17T02:38:01.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-03-01T14:15:54.350", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.255379"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.255379"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}