{"vulnerability": "cve-2024-1015", "sightings": [{"uuid": "6484c059-60df-436f-8b51-3fb21afd7e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113791241171697923", "content": "", "creation_timestamp": "2025-01-08T06:09:06.699434Z"}, {"uuid": "908aaecf-803a-427a-b1fc-ea64ca6d0724", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf7j75mbtl2d", "content": "", "creation_timestamp": "2025-01-08T06:15:37.635085Z"}, {"uuid": "bbd5c32e-7a53-41ca-b65a-09cf690027be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf7khytevf2e", "content": "", "creation_timestamp": "2025-01-08T06:38:27.904388Z"}, {"uuid": "963957d9-0b2c-4394-be36-7c9135756004", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/666", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10151\n\ud83d\udd39 Description: The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.\n\ud83d\udccf Published: 2025-01-08T06:00:12.427Z\n\ud83d\udccf Modified: 2025-01-08T06:00:12.427Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/487facf7-8880-48b3-b1b2-0d09823d3c46/", "creation_timestamp": "2025-01-08T06:38:12.000000Z"}, {"uuid": "deab154b-2223-46de-9d5b-7210a79401f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10152", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-10152.yaml", "content": "", "creation_timestamp": "2026-02-11T14:55:22.000000Z"}, {"uuid": "74edeb0e-6662-4c8b-a4e0-23da24275cde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10152", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3meovccvdjs2j", "content": "", "creation_timestamp": "2026-02-12T21:03:14.403008Z"}, {"uuid": "3236f05d-d59c-4b68-8bd7-f689c0d6e262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10152", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5474", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10152\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n\ud83d\udccf Published: 2025-02-26T06:00:02.971Z\n\ud83d\udccf Modified: 2025-02-26T06:00:02.971Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/b4d17da2-4c47-4fd1-a6bd-6692b07cf710/", "creation_timestamp": "2025-02-26T06:25:31.000000Z"}, {"uuid": "e0c76e77-669d-4543-87dd-4d4b1e95c027", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10153", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7717", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10153\n\ud83d\udd25 CVSS Score: 5.3 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument bookingdatefrom/nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.\n\ud83d\udccf Published: 2024-10-19T18:00:09.081Z\n\ud83d\udccf Modified: 2025-03-16T17:15:23.804Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.280939\n2. https://vuldb.com/?ctiid.280939\n3. https://vuldb.com/?submit.425365\n4. https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_book_boat_sqli.md\n5. https://phpgurukul.com/", "creation_timestamp": "2025-03-16T17:46:16.000000Z"}, {"uuid": "f7a3ecca-64bd-4d17-8894-0a8bea4c92eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10151", "type": "seen", "source": "https://t.me/cvedetector/14660", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10151 - WordPress Auto iFrame Stored Cross-Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10151 \nPublished : Jan. 8, 2025, 6:15 a.m. | 40\u00a0minutes ago \nDescription : The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"08 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-08T08:17:26.000000Z"}, {"uuid": "6d9400bb-ae5a-41c4-bd24-07378a130755", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10157", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10189", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10157\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username/mobileno leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2024-10-19T22:31:05.359Z\n\ud83d\udccf Modified: 2025-04-03T06:46:01.796Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.280943\n2. https://vuldb.com/?ctiid.280943\n3. https://vuldb.com/?submit.425399\n4. https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_admin_password_recovery_sqli.md\n5. https://phpgurukul.com/", "creation_timestamp": "2025-04-03T07:34:24.000000Z"}, {"uuid": "fe1c09cc-41a6-4004-a733-0fe91c5c4919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10155", "type": "seen", "source": "https://t.me/cvedetector/8369", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10155 - PHPGurukul Boat Booking System Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10155 \nPublished : Oct. 19, 2024, 9:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument phone_number leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T23:51:23.000000Z"}, {"uuid": "d349886d-a85e-4323-be50-bdb59fd2c011", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10154", "type": "seen", "source": "https://t.me/cvedetector/8368", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10154 - PHPGurukul Boat Booking System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10154 \nPublished : Oct. 19, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file status.php of the component Check Booking Status Page. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T22:11:01.000000Z"}, {"uuid": "d3ab60b7-1409-4474-bf0f-30e1b6c527f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10153", "type": "seen", "source": "https://t.me/cvedetector/8367", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10153 - PHPGurukul Boat Booking System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10153 \nPublished : Oct. 19, 2024, 6:15 p.m. | 44\u00a0minutes ago \nDescription : A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file book-boat.php?bid=1 of the component Book a Boat Page. The manipulation of the argument nopeople leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T21:20:50.000000Z"}, {"uuid": "bd5c7913-09b6-446e-b632-c30a09e66fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10158", "type": "seen", "source": "https://t.me/cvedetector/8372", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10158 - PHPGurukul Boat Booking System Session Fixiation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10158 \nPublished : Oct. 19, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 4.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T01:31:46.000000Z"}, {"uuid": "116c919c-e1f3-4254-b157-90b9f913711e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10157", "type": "seen", "source": "https://t.me/cvedetector/8371", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10157 - PHPGurukul Boat Booking System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10157 \nPublished : Oct. 19, 2024, 11:15 p.m. | 16\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/password-recovery.php of the component Reset Your Password Page. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T01:31:46.000000Z"}, {"uuid": "46b4d564-45ce-4f0e-8bbb-35188242d64a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10156", "type": "seen", "source": "https://t.me/cvedetector/8370", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10156 - PHPGurukul Boat Booking System SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-10156 \nPublished : Oct. 19, 2024, 9:15 p.m. | 35\u00a0minutes ago \nDescription : A vulnerability was found in PHPGurukul Boat Booking System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Sign In Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-19T23:51:23.000000Z"}, {"uuid": "7798bebc-b730-432d-92cf-a7ea710c1900", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10159", "type": "seen", "source": "https://t.me/cvedetector/8373", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10159 - PHPGurukul Boat Booking System My Profile Page Remote SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10159 \nPublished : Oct. 20, 2024, 12:15 a.m. | 33\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in PHPGurukul Boat Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/profile.php of the component My Profile Page. The manipulation of the argument sadminusername/fullname/emailid/mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"mobilenumber\" to be affected. But it must be assumed that other parameters are affected as well. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"20 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-20T03:12:25.000000Z"}, {"uuid": "06008a7f-461f-4e19-af7a-258335c8d63b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1015", "type": "seen", "source": "https://t.me/ctinow/175314", "content": "https://ift.tt/bEPSzMO\nCVE-2024-1015", "creation_timestamp": "2024-01-29T15:26:29.000000Z"}, {"uuid": "64159222-2fb1-4b80-8e7d-d34a2d0c8bf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10150", "type": "seen", "source": "https://t.me/cvedetector/8909", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10150 - Bamazoo - Button Generator Stored Cross-Site Scripting Vulnerability in WordPress Plugin\", \n  \"Content\": \"CVE ID : CVE-2024-10150 \nPublished : Oct. 25, 2024, 8:15 a.m. | 42\u00a0minutes ago \nDescription : The Bamazoo \u2013 Button Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's dgs shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. \nSeverity: 6.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T11:13:46.000000Z"}]}