{"vulnerability": "CVE-2023-3789", "sightings": [{"uuid": "35e0ac09-d167-4058-86bc-1b1a3ade59e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37895", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3lydjlhyrus2p", "content": "", "creation_timestamp": "2025-09-08T15:31:53.504673Z"}, {"uuid": "aec933b2-82ef-42cc-a15c-ccae5f59fa2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37890", "type": "seen", "source": "Telegram/tkdqC6dSETRJE_JgfCTBswR4J4zsBkKZJVYg6_ch071PLFOj", "content": "", "creation_timestamp": "2025-02-14T10:01:39.000000Z"}, {"uuid": "e23adef9-d3e7-4871-9959-b120d5ae7ce0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37890", "type": "seen", "source": "https://t.me/ctinow/157544", "content": "https://ift.tt/Mbuy4AF\nCVE-2023-37890 | WPOmnia KB Support Plugin up to 1.5.88 on WordPress authorization", "creation_timestamp": "2023-12-21T09:12:02.000000Z"}, {"uuid": "bef016b5-f242-4785-ade5-9033e530e952", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37893", "type": "seen", "source": "https://t.me/cibsecurity/69643", "content": "\u203c CVE-2023-37893 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin &lt;=\u00c2\u00a02.2.4 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-01T16:15:02.000000Z"}, {"uuid": "dc20a34b-dd71-4894-8817-50a464f1991b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37892", "type": "seen", "source": "https://t.me/cibsecurity/66896", "content": "\u203c CVE-2023-37892 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin &lt;=\u00c2\u00a06.0.8 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-18T16:31:08.000000Z"}, {"uuid": "38682f4c-4b2a-4792-a8ac-61eec4d58c46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37897", "type": "seen", "source": "https://t.me/cibsecurity/66958", "content": "\u203c CVE-2023-37897 \u203c\n\nGrav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due to incorrect return value from `isDangerousFunction()`, which allows to execute the payload prepending double backslash (`\\\\`). The `isDangerousFunction()` check in version 1.7.42 and onwards retuns `false` value instead of `true` when the `\\` symbol is found in the `$name`. This vulnerability can be exploited if the attacker has access to: 1. an Administrator account, or 2. a non-administrator, user account that has Admin panel access and Create/Update page permissions. A fix for this vulnerability has been introduced in commit `b4c6210` and is included in release version `1.7.42.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-19T00:36:16.000000Z"}, {"uuid": "5e6a2228-71ab-42b4-b3aa-113d26d3f623", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3789", "type": "seen", "source": "https://t.me/cibsecurity/67047", "content": "\u203c CVE-2023-3789 \u203c\n\nA vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235056.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-20T20:32:42.000000Z"}, {"uuid": "6279b8f1-43b4-46b6-b8fb-ede0d438fa86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37896", "type": "seen", "source": "https://t.me/cibsecurity/67776", "content": "\u203c CVE-2023-37896 \u203c\n\nNuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T20:41:06.000000Z"}, {"uuid": "0a09dd2d-ba08-451f-8b27-3a142d1703bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37894", "type": "seen", "source": "https://t.me/cibsecurity/67334", "content": "\u203c CVE-2023-37894 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin &lt;=\u00c2\u00a02.3.3 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-27T18:29:00.000000Z"}, {"uuid": "c72a3343-05d6-446d-946c-d40788de7c56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37895", "type": "seen", "source": "https://t.me/cibsecurity/67247", "content": "\u203c CVE-2023-37895 \u203c\n\nJava object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component \"commons-beanutils\", which contains a class that can be used for remote code execution over RMI.Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore.In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases.How to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone.The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like \"netstat\" can be used to check.RMI-over-HTTP in Jackrabbit by default uses the path \"/rmi\". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control.Turning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet:\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 RMI\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 org.apache.jackrabbit.servlet.remote.RemoteBindingServlet\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 RMI\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 /rmi\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 Find the bootstrap.properties file (in $REPOSITORY_HOME), and set\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 rmi.enabled=false\u00c2\u00a0 \u00c2\u00a0 and also remove\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 rmi.host\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 rmi.port\u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 \u00c2\u00a0 rmi.url-pattern\u00c2\u00a0If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained.\u00c2\u00a0\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T18:27:02.000000Z"}, {"uuid": "b27e42e7-fa84-420d-a881-92737ac327c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37895", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1092", "content": "https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/\nCVE-2023-37895: Apache Jackrabbit RMI RCE\n#\u5206\u6790", "creation_timestamp": "2023-09-24T08:35:03.000000Z"}, {"uuid": "b49133c2-a4e9-4253-b76c-c3ca9e97935b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37895", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8992", "content": "#exploit\n1. CVE-2023-37895:\nApache Jackrabbit RMI RCE\nhttps://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce\n\n2. CVE-2023-3389:\nLinkedPoll - UaF in the Linux Kernel io_uring subsystem\nhttps://qyn.app/posts/CVE-2023-3389", "creation_timestamp": "2023-09-09T12:36:01.000000Z"}]}