{"vulnerability": "CVE-2023-2685", "sightings": [{"uuid": "5b50b0f5-99b5-444f-a140-1363652370ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26858", "type": "seen", "source": "https://t.me/cibsecurity/61283", "content": "\u203c CVE-2023-26858 \u203c\n\nSQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-01T00:22:21.000000Z"}, {"uuid": "4d9c64ec-7b32-44bc-a473-9f5b00822ecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26852", "type": "seen", "source": "Telegram/dBXTJYbzUl-bGZzeTYz4E9_HF2Jc5_dupleyReR_rDjDxwhO", "content": "", "creation_timestamp": "2025-02-14T10:00:27.000000Z"}, {"uuid": "647e1696-fe2a-48ef-b331-472d0e2fbe66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26852", "type": "seen", "source": "https://t.me/cibsecurity/61977", "content": "\u203c CVE-2023-26852 \u203c\n\nAn arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-12T20:23:19.000000Z"}, {"uuid": "1d48b965-ff3b-4a3f-973d-bbe8fe866557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26857", "type": "seen", "source": "https://t.me/cibsecurity/61460", "content": "\u203c CVE-2023-26857 \u203c\n\nAn arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-05T18:40:07.000000Z"}, {"uuid": "f62ad648-8a7a-49a8-92ec-9644db369283", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26856", "type": "seen", "source": "https://t.me/cibsecurity/61464", "content": "\u203c CVE-2023-26856 \u203c\n\nDynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-05T18:40:11.000000Z"}, {"uuid": "c2a04950-7fa9-4dbb-8fa3-8c161fba42c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-26855", "type": "seen", "source": "https://t.me/cibsecurity/61368", "content": "\u203c CVE-2023-26855 \u203c\n\nThe hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-05T19:51:50.000000Z"}]}