From 052cff019d15ece98e8255c0375f3081f08314bc Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]"
 <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Sat, 19 Oct 2024 21:33:12 +0000
Subject: [PATCH] Publish Advisories

GHSA-c64m-qcp9-5qjc
GHSA-cqr9-wvm8-ffrj
GHSA-j6x2-cm38-9jrr
---
 .../GHSA-c64m-qcp9-5qjc.json                  | 58 +++++++++++++++++++
 .../GHSA-cqr9-wvm8-ffrj.json                  | 58 +++++++++++++++++++
 .../GHSA-j6x2-cm38-9jrr.json                  | 58 +++++++++++++++++++
 3 files changed, 174 insertions(+)
 create mode 100644 advisories/unreviewed/2024/10/GHSA-c64m-qcp9-5qjc/GHSA-c64m-qcp9-5qjc.json
 create mode 100644 advisories/unreviewed/2024/10/GHSA-cqr9-wvm8-ffrj/GHSA-cqr9-wvm8-ffrj.json
 create mode 100644 advisories/unreviewed/2024/10/GHSA-j6x2-cm38-9jrr/GHSA-j6x2-cm38-9jrr.json

diff --git a/advisories/unreviewed/2024/10/GHSA-c64m-qcp9-5qjc/GHSA-c64m-qcp9-5qjc.json b/advisories/unreviewed/2024/10/GHSA-c64m-qcp9-5qjc/GHSA-c64m-qcp9-5qjc.json
new file mode 100644
index 0000000000000..099a9fbda6d18
--- /dev/null
+++ b/advisories/unreviewed/2024/10/GHSA-c64m-qcp9-5qjc/GHSA-c64m-qcp9-5qjc.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-c64m-qcp9-5qjc",
+  "modified": "2024-10-19T21:31:24Z",
+  "published": "2024-10-19T21:31:24Z",
+  "aliases": [
+    "CVE-2024-10156"
+  ],
+  "details": "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10156"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_index_sqli.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.280942"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.280942"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.425398"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-10-19T21:15:12Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/10/GHSA-cqr9-wvm8-ffrj/GHSA-cqr9-wvm8-ffrj.json b/advisories/unreviewed/2024/10/GHSA-cqr9-wvm8-ffrj/GHSA-cqr9-wvm8-ffrj.json
new file mode 100644
index 0000000000000..04e4b64895287
--- /dev/null
+++ b/advisories/unreviewed/2024/10/GHSA-cqr9-wvm8-ffrj/GHSA-cqr9-wvm8-ffrj.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-cqr9-wvm8-ffrj",
+  "modified": "2024-10-19T21:31:24Z",
+  "published": "2024-10-19T21:31:24Z",
+  "aliases": [
+    "CVE-2024-10154"
+  ],
+  "details": "A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10154"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_status_sqli.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.280940"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.280940"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.425385"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-89"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-10-19T19:15:04Z"
+  }
+}
\ No newline at end of file
diff --git a/advisories/unreviewed/2024/10/GHSA-j6x2-cm38-9jrr/GHSA-j6x2-cm38-9jrr.json b/advisories/unreviewed/2024/10/GHSA-j6x2-cm38-9jrr/GHSA-j6x2-cm38-9jrr.json
new file mode 100644
index 0000000000000..bfaf42d2ba1aa
--- /dev/null
+++ b/advisories/unreviewed/2024/10/GHSA-j6x2-cm38-9jrr/GHSA-j6x2-cm38-9jrr.json
@@ -0,0 +1,58 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-j6x2-cm38-9jrr",
+  "modified": "2024-10-19T21:31:24Z",
+  "published": "2024-10-19T21:31:24Z",
+  "aliases": [
+    "CVE-2024-10155"
+  ],
+  "details": "A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"
+    },
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"
+    }
+  ],
+  "affected": [
+
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10155"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_xss.md"
+    },
+    {
+      "type": "WEB",
+      "url": "https://phpgurukul.com"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?ctiid.280941"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?id.280941"
+    },
+    {
+      "type": "WEB",
+      "url": "https://vuldb.com/?submit.425397"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-79"
+    ],
+    "severity": "MODERATE",
+    "github_reviewed": false,
+    "github_reviewed_at": null,
+    "nvd_published_at": "2024-10-19T21:15:12Z"
+  }
+}
\ No newline at end of file