{"vulnerability": "cve-2023-3985", "sightings": [{"uuid": "5fc30d2b-b96b-46dc-8620-940526bd5dcd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39854", "type": "seen", "source": "https://t.me/cibsecurity/71814", "content": "\u203c CVE-2023-39854 \u203c\n\nThe web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-09T12:15:59.000000Z"}, {"uuid": "91780cdc-1d3b-4178-a9b0-3466e07b3cc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39850", "type": "seen", "source": "https://t.me/arpsyndicate/2450", "content": "#ExploitObserverAlert\n\nCVE-2023-39850\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39850. Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.\n\nFIRST-EPSS: 0.000760000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-04T11:40:23.000000Z"}, {"uuid": "fab0be61-6dd5-4101-9618-2c22e62fb304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39853", "type": "seen", "source": "https://t.me/ctinow/173180", "content": "https://ift.tt/wQj5i68\nCVE-2023-39853 | Dzzoffice 2.01 Network Disk Backend doobj/doevent sql injection", "creation_timestamp": "2024-01-25T00:21:22.000000Z"}, {"uuid": "478175fe-2546-4f0e-9748-0360d4983cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39853", "type": "seen", "source": "https://t.me/ctinow/166653", "content": "https://ift.tt/nBqyYoK\nCVE-2023-39853 Exploit", "creation_timestamp": "2024-01-11T17:17:11.000000Z"}, {"uuid": "62abf633-a895-4240-9483-bc33d70b08fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3985", "type": "seen", "source": "https://t.me/cibsecurity/67371", "content": "\u203c CVE-2023-3985 \u203c\n\nA vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-28T12:29:35.000000Z"}, {"uuid": "8968c322-0442-40ae-a4f9-489da407963c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39853", "type": "seen", "source": "https://t.me/ctinow/163819", "content": "https://ift.tt/bWJA1Pw\nCVE-2023-39853", "creation_timestamp": "2024-01-06T05:31:41.000000Z"}, {"uuid": "2270419b-cfc2-4314-bf17-5228e854dac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39850", "type": "seen", "source": "https://t.me/cibsecurity/68613", "content": "\u203c CVE-2023-39850 \u203c\n\nSchoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T02:30:52.000000Z"}, {"uuid": "88ab1720-3c63-4c30-84f1-3a6b97562184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39851", "type": "seen", "source": "https://t.me/cibsecurity/68610", "content": "\u203c CVE-2023-39851 \u203c\n\nwebchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T02:30:49.000000Z"}, {"uuid": "2b6d4f3c-09bb-483a-b757-055f0dc38f43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39852", "type": "seen", "source": "https://t.me/cibsecurity/68609", "content": "\u203c CVE-2023-39852 \u203c\n\nDoctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-16T00:30:52.000000Z"}]}