{"vulnerability": "cve-2023-4534", "sightings": [{"uuid": "9325dba6-56e2-400f-9202-1522c65ef770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45344", "type": "seen", "source": "https://t.me/cibsecurity/73452", "content": "\u203c CVE-2023-45344 \u203c\n\nOnline Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:59.000000Z"}, {"uuid": "bbbb397d-8ee1-4085-86ba-89ec7fad1295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45340", "type": "seen", "source": "https://t.me/cibsecurity/73445", "content": "\u203c CVE-2023-45340 \u203c\n\nOnline Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:50.000000Z"}, {"uuid": "d0328b1c-b30e-42b5-9c6c-e0b356483953", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45342", "type": "seen", "source": "https://t.me/cibsecurity/73438", "content": "\u203c CVE-2023-45342 \u203c\n\nOnline Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:40.000000Z"}, {"uuid": "18ca7ba4-cc7e-4612-bd74-c2577d021313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45346", "type": "seen", "source": "https://t.me/cibsecurity/73437", "content": "\u203c CVE-2023-45346 \u203c\n\nOnline Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:39.000000Z"}, {"uuid": "e3a65e0b-008a-4636-b3eb-aa74171707e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45345", "type": "seen", "source": "https://t.me/cibsecurity/73436", "content": "\u203c CVE-2023-45345 \u203c\n\nOnline Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-02T17:22:38.000000Z"}, {"uuid": "3416eed6-c907-43af-8185-8e6fd143d0cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45348", "type": "seen", "source": "https://t.me/cibsecurity/72280", "content": "\u203c CVE-2023-45348 \u203c\n\nApache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the \"expose_config\" option is set to \"non-sensitive-only\". The `expose_config` option is False by default.It is recommended to upgrade to a version that is not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-14T14:29:46.000000Z"}, {"uuid": "a40c2e63-8fa9-42db-985c-8b393a945ec9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45349", "type": "seen", "source": "https://t.me/cibsecurity/71798", "content": "\u203c CVE-2023-45349 \u203c\n\nAtos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-09T07:15:39.000000Z"}, {"uuid": "00bbaa56-f0ac-4a62-8f6a-3d9d8a4fa413", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45348", "type": "seen", "source": "https://t.me/cibsecurity/72788", "content": "\u203c CVE-2023-46288 \u203c\n\nExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config\u00c2\u00a0option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config\u00c2\u00a0to non-sensitive-only\u00c2\u00a0configuration. This is a different error than CVE-2023-45348\u00c2\u00a0which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes\u00c2\u00a0CVE-2023-45348.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-23T22:37:41.000000Z"}]}