Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit 9ee9d90462c9 · 2025-05-31T18:32:06.000Z
GHSA-4wpm-qvg3-wvjj GHSA-55xg-g89g-mxwj GHSA-573x-h396-vgr7 GHSA-7m5m-789w-r328 GHSA-q765-jvvr-jmgw
diff --git a/advisories/unreviewed/2025/05/GHSA-4wpm-qvg3-wvjj/GHSA-4wpm-qvg3-wvjj.json b/advisories/unreviewed/2025/05/GHSA-4wpm-qvg3-wvjj/GHSA-4wpm-qvg3-wvjj.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-4wpm-qvg3-wvjj",
+  "modified": "2025-05-31T18:30:33Z",
+  "published": "2025-05-31T18:30:33Z",
+  "aliases": [
+    "CVE-2025-5384"
+  ],
+  "details": "A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5384"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310677"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310677"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-31T16:15:19Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/05/GHSA-55xg-g89g-mxwj/GHSA-55xg-g89g-mxwj.json b/advisories/unreviewed/2025/05/GHSA-55xg-g89g-mxwj/GHSA-55xg-g89g-mxwj.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-55xg-g89g-mxwj",
+  "modified": "2025-05-31T18:30:34Z",
+  "published": "2025-05-31T18:30:34Z",
+  "aliases": [
+    "CVE-2025-5388"
+  ],
+  "details": "A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5388"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310681"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310681"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-31T18:15:21Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/05/GHSA-573x-h396-vgr7/GHSA-573x-h396-vgr7.json b/advisories/unreviewed/2025/05/GHSA-573x-h396-vgr7/GHSA-573x-h396-vgr7.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-573x-h396-vgr7",
+  "modified": "2025-05-31T18:30:33Z",
+  "published": "2025-05-31T18:30:33Z",
+  "aliases": [
+    "CVE-2025-5386"
+  ],
+  "details": "A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5386"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310679"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310679"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-74"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-31T17:15:21Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/05/GHSA-7m5m-789w-r328/GHSA-7m5m-789w-r328.json b/advisories/unreviewed/2025/05/GHSA-7m5m-789w-r328/GHSA-7m5m-789w-r328.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7m5m-789w-r328",
+  "modified": "2025-05-31T18:30:33Z",
+  "published": "2025-05-31T18:30:33Z",
+  "aliases": [
+    "CVE-2025-5387"
+  ],
+  "details": "A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5387"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310680"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310680"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-266"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-31T18:15:20Z"
+  }
+}
diff --git a/advisories/unreviewed/2025/05/GHSA-q765-jvvr-jmgw/GHSA-q765-jvvr-jmgw.json b/advisories/unreviewed/2025/05/GHSA-q765-jvvr-jmgw/GHSA-q765-jvvr-jmgw.json
@@ -0,0 +1,48 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-q765-jvvr-jmgw",
+  "modified": "2025-05-31T18:30:33Z",
+  "published": "2025-05-31T18:30:33Z",
+  "aliases": [
+    "CVE-2025-5385"
+  ],
+  "details": "A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5385"
+    },
+    {
+      "type": "WEB",
+      "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/IC5FNV"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.310678"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.310678"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-22"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2025-05-31T17:15:20Z"
+  }
+}
