{"vulnerability": "CVE-2021-2339", "sightings": [{"uuid": "5c815330-47e9-422c-a299-cbfc93e24087", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23394", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-23394.yaml", "content": "", "creation_timestamp": "2025-11-30T05:19:32.000000Z"}, {"uuid": "647e86e3-897e-42c0-911f-8c75513a8763", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23394", "type": "published-proof-of-concept", "source": "Telegram/imkoF_Z47iUYHKUYnUtzZel-X1UwY1CoyK6KAfEEjTDMbLw", "content": "", "creation_timestamp": "2025-11-30T09:00:06.000000Z"}, {"uuid": "2b85bf88-b4d6-4e42-a756-0ba1eba9c954", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23394", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m74e5qaczr2b", "content": "", "creation_timestamp": "2025-12-03T21:02:25.838770Z"}, {"uuid": "ad453a47-624d-4481-8ad7-dc1def80d1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23396", "type": "seen", "source": "https://t.me/cibsecurity/25526", "content": "\u203c CVE-2021-23396 \u203c\n\nAll versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-17T20:41:10.000000Z"}, {"uuid": "904a9fee-26cf-4d7d-93ca-8687f4b40bc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23399", "type": "seen", "source": "https://t.me/cibsecurity/25731", "content": "\u203c CVE-2021-23399 \u203c\n\nThis affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-28T12:22:25.000000Z"}, {"uuid": "c201e089-7987-4945-9d3f-56fc6e16d1c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2339", "type": "seen", "source": "https://t.me/cibsecurity/26328", "content": "\u203c CVE-2021-2339 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-21T18:45:23.000000Z"}, {"uuid": "21f14fd9-85b9-4502-abcd-f2cde5702e11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23394", "type": "seen", "source": "https://t.me/cibsecurity/25429", "content": "\u203c CVE-2021-23394 \u203c\n\nThe package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-06-13T14:22:25.000000Z"}, {"uuid": "18e45b9b-bd87-4dd7-9799-d6363fddce23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-23394", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/4133", "content": "#Threat_Research\n1. CVE-2021-32682, CVE-2021-23394:\nWrite-up of several pre-auth RCEs in elFinder < 2.1.59\nhttps://blog.sonarsource.com/elfinder-case-study-of-web-file-manager-vulnerabilities\n2. CVE-2021-30656:\nApple iOS/iPadOS GPU Drivers information disclosure\nhttps://jsherman212.github.io/CVE-2021-30656", "creation_timestamp": "2021-08-23T12:07:01.000000Z"}]}