{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-2911", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2024-03-26T13:48:21.715Z", "datePublished": "2024-03-26T21:31:04.749Z", "dateUpdated": "2024-09-09T15:26:06.451Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-09T15:26:06.451Z"}, "title": "Tianjin PubliCMS cross-site request forgery", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-352", "lang": "en", "description": "CWE-352 Cross-Site Request Forgery"}]}], "affected": [{"vendor": "Tianjin", "product": "PubliCMS", "versions": [{"version": "4.0.202302.e", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Tianjin PubliCMS 4.0.202302.e gefunden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "timeline": [{"time": "2024-03-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2024-03-26T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2024-03-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2024-06-27T05:46:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "hexixi (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.257979", "name": "VDB-257979 | Tianjin PubliCMS cross-site request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.257979", "name": "VDB-257979 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.300339", "name": "Submit #300339 | TIANJIN Heycore Technology Co.Ltd publiccms V4.0.202302.e CSRF", "tags": ["third-party-advisory"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf", "tags": ["exploit"]}]}, "adp": [{"affected": [{"vendor": "tianjin", "product": "publicms", "cpes": ["cpe:2.3:a:tianjin:publicms:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.0.202302.e", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T19:42:36.255527Z", "id": "CVE-2024-2911", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:43:38.636Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.161Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.257979", "name": "VDB-257979 | Tianjin PubliCMS cross-site request forgery", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.257979", "name": "VDB-257979 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.300339", "name": "Submit #300339 | TIANJIN Heycore Technology Co.Ltd publiccms V4.0.202302.e CSRF", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf", "tags": ["exploit", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.257979", "name": "VDB-257979 | Tianjin PubliCMS cross-site request forgery", "tags": ["vdb-entry", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.257979", "name": "VDB-257979 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://vuldb.com/?submit.300339", "name": "Submit #300339 | TIANJIN Heycore Technology Co.Ltd publiccms V4.0.202302.e CSRF", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T19:25:42.161Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2911", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T19:42:36.255527Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tianjin:publicms:*:*:*:*:*:*:*:*"], "vendor": "tianjin", "product": "publicms", "versions": [{"status": "affected", "version": "4.0.202302.e"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T19:43:35.298Z"}}], "cna": {"title": "Tianjin PubliCMS cross-site request forgery", "credits": [{"lang": "en", "type": "reporter", "value": "hexixi (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "affected": [{"vendor": "Tianjin", "product": "PubliCMS", "versions": [{"status": "affected", "version": "4.0.202302.e"}]}], "timeline": [{"lang": "en", "time": "2024-03-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2024-03-26T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2024-03-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2024-06-27T05:46:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.257979", "name": "VDB-257979 | Tianjin PubliCMS cross-site request forgery", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.257979", "name": "VDB-257979 | CTI Indicators (IOB, IOC)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.300339", "name": "Submit #300339 | TIANJIN Heycore Technology Co.Ltd publiccms V4.0.202302.e CSRF", "tags": ["third-party-advisory"]}, {"url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine problematische Schwachstelle in Tianjin PubliCMS 4.0.202302.e gefunden. Betroffen hiervon ist ein unbekannter Ablauf. Durch das Manipulieren mit unbekannten Daten kann eine cross-site request forgery-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-09-09T15:26:06.451Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2911", "state": "PUBLISHED", "dateUpdated": "2024-09-09T15:26:06.451Z", "dateReserved": "2024-03-26T13:48:21.715Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2024-03-26T21:31:04.749Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:publiccms:publiccms:4.0.202302.e:*:*:*:*:*:*:*", "matchCriteriaId": "696F37D9-7CB7-428B-ADE4-3EB40573111A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Tianjin PubliCMS 4.0.202302.e. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en Tianjin PubliCMS 4.0.202302.e y clasificada como problem\u00e1tica. Esto afecta a una parte desconocida. La manipulaci\u00f3n conduce a cross-site request forgery. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-257979. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."}], "id": "CVE-2024-2911", "lastModified": "2025-08-21T17:45:20.687", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2024-03-26T22:15:07.823", "references": [{"source": "cna@vuldb.com", "tags": ["Broken Link"], "url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.257979"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.257979"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.300339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/sweatxi/BugHub/blob/main/publiccms_csrf.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.257979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.257979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.300339"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}