{"vulnerability": "cve-2023-2962", "sightings": [{"uuid": "694065ef-8348-45fb-95f5-dfc4d65c6da6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2962", "type": "seen", "source": "https://t.me/cibsecurity/64762", "content": "\u203c CVE-2023-2962 \u203c\n\nA vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-24T16:52:11.000000Z"}, {"uuid": "74609cfe-e23e-4acf-b718-e810eae3873d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29623", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5619", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29623\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n\ud83d\udccf Published: 2023-04-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T21:07:21.132Z\n\ud83d\udd17 References:\n1. https://portswigger.net/web-security/cross-site-scripting/reflected\n2. https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected", "creation_timestamp": "2025-02-26T21:25:37.000000Z"}, {"uuid": "281b4dd8-02d8-4652-8640-9f21d196ebe6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29622", "type": "seen", "source": "https://t.me/cibsecurity/62108", "content": "\u203c CVE-2023-29622 \u203c\n\nPurchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:40.000000Z"}, {"uuid": "0e37bbf5-1a9b-4ef2-8a1c-fb7c0d9a2a05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29621", "type": "seen", "source": "https://t.me/cibsecurity/62105", "content": "\u203c CVE-2023-29621 \u203c\n\nPurchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:38.000000Z"}, {"uuid": "ee32c145-175e-4ce3-a8d2-b1001186e30f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29623", "type": "seen", "source": "https://t.me/cibsecurity/62104", "content": "\u203c CVE-2023-29623 \u203c\n\nPurchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:37.000000Z"}, {"uuid": "e97eba16-05c9-473e-a7b9-9d30588d51c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29626", "type": "seen", "source": "https://t.me/cibsecurity/62109", "content": "\u203c CVE-2023-29626 \u203c\n\nYoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:41.000000Z"}, {"uuid": "a300a46f-55f6-430a-acac-8055f82faff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29625", "type": "seen", "source": "https://t.me/cibsecurity/62111", "content": "\u203c CVE-2023-29625 \u203c\n\nEmployee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:55.000000Z"}, {"uuid": "3d3903d6-d817-44ed-be31-9b1a8cc68611", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29627", "type": "seen", "source": "https://t.me/cibsecurity/62101", "content": "\u203c CVE-2023-29627 \u203c\n\nOnline Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T07:30:34.000000Z"}]}