{"vulnerability": "CVE-2023-3876", "sightings": [{"uuid": "237fc92c-6f0a-4a4d-bae4-870866ad56d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38761", "type": "seen", "source": "https://t.me/cibsecurity/68020", "content": "\u203c CVE-2023-38761 \u203c\n\nCross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:57.000000Z"}, {"uuid": "047a182b-f36c-4dc3-9ba9-1ae90b6a8593", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38767", "type": "seen", "source": "https://t.me/cibsecurity/68016", "content": "\u203c CVE-2023-38767 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:29.000000Z"}, {"uuid": "c307c537-a631-4b54-b7e0-06dc1f713ee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38765", "type": "seen", "source": "https://t.me/cibsecurity/68005", "content": "\u203c CVE-2023-38765 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:15.000000Z"}, {"uuid": "ebd25aad-8ce8-4bc0-95db-a58860a5b0aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38764", "type": "seen", "source": "https://t.me/cibsecurity/68013", "content": "\u203c CVE-2023-38764 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:26.000000Z"}, {"uuid": "258c4d8c-c2b8-4087-9a7d-b52698cd0416", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38769", "type": "seen", "source": "https://t.me/cibsecurity/68011", "content": "\u203c CVE-2023-38769 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:24.000000Z"}, {"uuid": "29114618-96ce-4d34-bf3e-e9712db78766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38766", "type": "seen", "source": "https://t.me/cibsecurity/68018", "content": "\u203c CVE-2023-38766 \u203c\n\nCross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:34.000000Z"}, {"uuid": "85549890-3786-4602-a177-aa1da767ac51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38760", "type": "seen", "source": "https://t.me/cibsecurity/68017", "content": "\u203c CVE-2023-38760 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:33.000000Z"}, {"uuid": "2164131e-2df1-4763-ad17-f851cad3b752", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38768", "type": "seen", "source": "https://t.me/cibsecurity/68010", "content": "\u203c CVE-2023-38768 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:23.000000Z"}, {"uuid": "65eb5757-6ed9-48c9-bc85-32a330081821", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38762", "type": "seen", "source": "https://t.me/cibsecurity/68009", "content": "\u203c CVE-2023-38762 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:22.000000Z"}, {"uuid": "4f5abe3d-b47d-4a76-ae0c-b8c554945029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-38763", "type": "seen", "source": "https://t.me/cibsecurity/68003", "content": "\u203c CVE-2023-38763 \u203c\n\nSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T20:14:13.000000Z"}, {"uuid": "20fba2b4-e87c-4a8e-8645-698122471f0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3876", "type": "seen", "source": "https://t.me/cibsecurity/67204", "content": "\u203c CVE-2023-3876 \u203c\n\nA vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235238 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-25T07:37:21.000000Z"}]}