{"vulnerability": "CVE-2023-2092", "sightings": [{"uuid": "4c2d1d41-010a-4a64-8ae8-ca63aa557473", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20928", "type": "published-proof-of-concept", "source": "Telegram/aDDWOWx1lP5nq07BgPScAx5CF-OpLOIbxwE7FkEA6YAzWuw", "content": "", "creation_timestamp": "2023-02-09T07:26:18.000000Z"}, {"uuid": "cb39c606-a039-46a6-bf5c-c39d3dcc7d97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2092", "type": "seen", "source": "https://t.me/cibsecurity/62221", "content": "\u203c CVE-2023-2092 \u203c\n\nA vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T14:39:48.000000Z"}, {"uuid": "a044b40f-00f7-4fd6-8ba7-14a45e9b9c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20921", "type": "seen", "source": "https://t.me/arpsyndicate/793", "content": "#ExploitObserverAlert\n\nCVE-2023-20921\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-20921. In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-243378132\n\nFIRST-EPSS: 0.000420000\nNVD-IS: 5.9\nNVD-ES: 1.3", "creation_timestamp": "2023-11-30T07:36:47.000000Z"}, {"uuid": "e75e4f2b-596d-4c6c-a516-6d0b7f13e233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2092", "type": "seen", "source": "https://t.me/arpsyndicate/559", "content": "#ExploitObserverAlert\n\nCVE-2023-2092\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2092. A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-25T01:25:46.000000Z"}, {"uuid": "29fdaa43-d4b5-4d9c-b201-b0c2bc9361c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2092", "type": "seen", "source": "https://t.me/arpsyndicate/1617", "content": "#ExploitObserverAlert\n\nCVE-2023-2092\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2092. A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T12:26:55.000000Z"}, {"uuid": "fd47e3fd-9b1b-41bb-8480-ef02d5dffd9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20927", "type": "seen", "source": "https://t.me/cibsecurity/58213", "content": "\u203c CVE-2023-20927 \u203c\n\nIn permissions of AndroidManifest.xml, there is a possible way to grant signature permissions due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244216503\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T07:36:30.000000Z"}, {"uuid": "3bb2d9cd-4b3e-4ea4-88b3-7b3150f32d1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20928", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7711", "content": "#exploit\n1. CVE-2023-25136:\nPre-Auth Double Free Vulnerability in OpenSSH Server 9.1\nhttps://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1\n\n2. CVE-2023-20928:\nAndroid - Binder VMA management security issues\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=2374\n\n3. GoAnywhere MFT Bug\nhttps://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html", "creation_timestamp": "2023-02-08T11:03:01.000000Z"}]}