{"vulnerability": "cve-2023-2869", "sightings": [{"uuid": "aa4a34d3-5375-4776-868d-178596838738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2869", "type": "seen", "source": "https://bsky.app/profile/thewhynet.bsky.social/post/3llyer2dsli2p", "content": "", "creation_timestamp": "2025-04-04T12:03:52.823457Z"}, {"uuid": "aa0405d4-74cd-47ea-97e7-3f9ee6676b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28699", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/757", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28699\n\ud83d\udd39 Description: Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-01-08T18:01:15.762Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-7102-41ab8-1.html", "creation_timestamp": "2025-01-08T18:16:16.000000Z"}, {"uuid": "16de082f-41f9-4cea-b4af-9d1efef9487c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28698", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/756", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-28698\n\ud83d\udd39 Description: Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.\n\ud83d\udccf Published: 2023-06-02T00:00:00\n\ud83d\udccf Modified: 2025-01-08T18:01:40.370Z\n\ud83d\udd17 References:\n1. https://www.twcert.org.tw/tw/cp-132-7101-f88db-1.html", "creation_timestamp": "2025-01-08T18:15:31.000000Z"}, {"uuid": "0813b57d-8cdf-4145-8c76-5e86daa18de3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28692", "type": "seen", "source": "https://t.me/cibsecurity/69467", "content": "\u203c CVE-2023-28692 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <=\u00c2\u00a02.6.3 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T20:12:27.000000Z"}, {"uuid": "70fd5e55-238c-4648-82b6-95c7a5b0fec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28693", "type": "seen", "source": "https://t.me/cibsecurity/68757", "content": "\u203c CVE-2023-28693 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <=\u00c2\u00a01.0 version.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-17T18:37:24.000000Z"}, {"uuid": "ea51d336-3eef-4574-88b5-f9cd592072af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-28697", "type": "seen", "source": "https://t.me/cibsecurity/62956", "content": "\u203c CVE-2023-28697 \u203c\n\nMoxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T07:39:50.000000Z"}]}