{"vulnerability": "CVE-2023-2885", "sightings": [{"uuid": "a489009a-c7b1-41e6-948d-8685a4bfd76a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28858", "type": "seen", "source": "https://t.me/BABATATASASA/5510", "content": "JsonWebToken (CVE-2022-23529).\nChatGPT (CVE-2023-28858).\nApache Superset (CVE-2023-27524).\nPaperCut NG/MF (CVE-2023-27350).\nFortinet FortiOS (CVE-2022-41328).\nAdobe ColdFusion (CVE-2023-26360).\nMOVEit vulnerability (CVE-2023-34362).", "creation_timestamp": "2023-09-25T15:05:09.000000Z"}, {"uuid": "0e978d44-03d1-4c00-a751-d36ce9e77b8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28855", "type": "seen", "source": "https://t.me/cibsecurity/61492", "content": "\u203c CVE-2023-28855 \u203c\n\nFields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-05T22:38:08.000000Z"}, {"uuid": "3e29d33f-ebcb-4971-b764-cb91a76b377c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28854", "type": "seen", "source": "https://t.me/cibsecurity/61346", "content": "\u203c CVE-2023-28854 \u203c\n\nnophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function such as `env_patchsample230330.php` to env.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:24:52.000000Z"}, {"uuid": "549f92d4-93d1-41d5-a242-c55f2d042ae9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28857", "type": "seen", "source": "Telegram/RfTGg8vUSrTOLkdtujYVvLWm77KzWfIbncFgZxMk7p_wdtg", "content": "", "creation_timestamp": "2023-08-23T03:33:23.000000Z"}, {"uuid": "c3e93ebc-c2cf-4d72-b25b-b7b83569a8d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28858", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/4049", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aThis PoC demonstrates the vulnerability described in CVE-2023-28858\nURL\uff1ahttps://github.com/improbably-you/poc_cve_2023_28858\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-26T22:14:06.000000Z"}, {"uuid": "ab31bad0-1d6e-4d1f-9e4b-a1a558fb9ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28851", "type": "seen", "source": "https://t.me/cibsecurity/61349", "content": "\u203c CVE-2023-28851 \u203c\n\nSilverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:24:58.000000Z"}, {"uuid": "2dbbb8b4-0ffd-41e1-b0c0-4f50ac94f65b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-28850", "type": "seen", "source": "https://t.me/cibsecurity/61354", "content": "\u203c CVE-2023-28850 \u203c\n\nPimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-03T22:25:05.000000Z"}]}