{"vulnerability": "CVE-2023-2725", "sightings": [{"uuid": "1efd1437-fa37-47b6-9695-638a07c57720", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2725", "type": "seen", "source": "https://t.me/cibsecurity/64249", "content": "\u203c CVE-2023-2725 \u203c\n\nUse after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T22:30:41.000000Z"}, {"uuid": "0d5493ce-1b44-45fc-a20a-3aa15103ed33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27253", "type": "seen", "source": "https://t.me/cibsecurity/60279", "content": "\u203c CVE-2023-27253 \u203c\n\nA command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-18T01:31:52.000000Z"}, {"uuid": "36700fdc-b973-4a19-8619-7371606aa17f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27250", "type": "seen", "source": "https://t.me/cibsecurity/60124", "content": "\u203c CVE-2023-27250 \u203c\n\nOnline Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-16T15:30:47.000000Z"}, {"uuid": "440e0507-1ec7-4896-a0a3-5d28a06f091d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27253", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "7640dad9-54e8-46ef-87a4-1b1797c360b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27253", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:52.000000Z"}, {"uuid": "7606fcda-eb1e-458d-b890-0321235c9aa3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27253", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/pfsense_config_data_exec.rb", "content": "", "creation_timestamp": "2023-07-12T18:53:26.000000Z"}, {"uuid": "73447550-e6b5-47b2-adc9-62b391910056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27253", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5508", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27253\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.\n\ud83d\udccf Published: 2023-03-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T14:58:43.600Z\n\ud83d\udd17 References:\n1. https://redmine.pfsense.org/issues/13935\n2. https://github.com/pfsense/pfsense/commit/ca80d18493f8f91b21933ebd6b714215ae1e5e94\n3. http://packetstormsecurity.com/files/173487/pfSense-Restore-RRD-Data-Command-Injection.html", "creation_timestamp": "2025-02-26T15:26:11.000000Z"}, {"uuid": "d2c8b3d5-45b1-450f-934b-7b600e23c9ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27254", "type": "seen", "source": "https://t.me/cibsecurity/72889", "content": "\u203c CVE-2023-27254 \u203c\n\nUnauthenticated SQL injection in the GetRoomChanges method in IDAttend\u00e2\u20ac\u2122s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-25T22:52:42.000000Z"}, {"uuid": "1fcfdf09-e827-4bc5-b32d-44ea106a8f75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27253", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:45.000000Z"}]}