{"vulnerability": "CVE-2023-2686", "sightings": [{"uuid": "d3107fd8-706c-467b-990e-f29dfa7128bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26860", "type": "seen", "source": "https://t.me/cibsecurity/61743", "content": "\u203c CVE-2023-26860 \u203c\n\nSQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-10T16:32:58.000000Z"}, {"uuid": "45e9c262-5bfe-4f6b-9d3e-7780a3201e85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26866", "type": "seen", "source": "https://t.me/cibsecurity/61388", "content": "\u203c CVE-2023-26866 \u203c\n\nGreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-04T16:30:42.000000Z"}, {"uuid": "4a3eaba0-36a1-4380-ad28-65eae66b225b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26861", "type": "seen", "source": "https://t.me/cibsecurity/66410", "content": "\u203c CVE-2023-26861 \u203c\n\nSQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-11T20:29:49.000000Z"}, {"uuid": "4ae5c817-bb53-4a37-a7d2-860cc500d179", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26865", "type": "seen", "source": "https://t.me/cibsecurity/62750", "content": "\u203c CVE-2023-26865 \u203c\n\nSQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T22:19:43.000000Z"}, {"uuid": "c8eaa103-b3a0-4523-a405-0724c4d11934", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26860", "type": "seen", "source": "Telegram/AQvGy8GeiDGYJIGhrkmaQRcbk9INTvhUeVH4Q3PLr71PnmAl", "content": "", "creation_timestamp": "2025-02-14T10:03:10.000000Z"}, {"uuid": "2f13aa94-3024-4a96-a9f8-29d173648270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-26864", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/4979", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-26864\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.\n\ud83d\udccf Published: 2023-03-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-21T19:22:18.783Z\n\ud83d\udd17 References:\n1. https://friends-of-presta.github.io/security-advisories/modules/2023/01/17/smplredirectionsmanager.html", "creation_timestamp": "2025-02-21T20:18:22.000000Z"}]}