{"vulnerability": "CVE-2023-30145", "sightings": [{"uuid": "a2ea8801-fc48-4fa9-894d-aba69dadcbf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30145", "type": "seen", "source": "https://t.me/arpsyndicate/2871", "content": "#ExploitObserverAlert\n\nCVE-2023-30145\n\nDESCRIPTION: Exploit Observer has 11 entries in 3 file formats related to CVE-2023-30145. Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.\n\nFIRST-EPSS: 0.015460000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-16T18:44:46.000000Z"}, {"uuid": "9aba932c-2670-4cf9-ac1b-b92440183157", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30145", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3064", "content": "Tools - Hackers Factory \n\nJira-Scan\n\nProvide a list of websites to test with out the http or https and this will test each one for the SSRF vun.\n\nhttps://github.com/random-robbie/Jira-Scan\n\n#infosec #pentesting #bugbounty\n\ns3reverse\n\nThe format of various s3 buckets is convert in one format. for #bugbounty and security testing.\n\nhttps://github.com/hahwul/s3reverse\n\n#cybersecurity #infosec\n\nLogger++ \n\nA multithreaded logging extension for #BurpSuite. In addition to logging requests and responses from all Burp Suite tools, the extension allows advanced filters to be defined to highlight interesting entries or filter logs to only those which match the filter.\n\nhttps://github.com/nccgroup/LoggerPlusPlus\n\n#infosec #pentesting #bugbounty\n\nTop25 Parameter \n\nFor basic researches, top 25 vulnerability parameters that can be used in automation tools or manual #recon.\n\nhttps://github.com/lutfumertceylan/top25-parameter\n\n#infosec #pentesting #bugbounty\n\nLOOBins\n\nLiving Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in \"living off the land\" macOS binaries and how they can be used by threat actors for malicious purposes.\n\nhttps://github.com/infosecB/LOOBins\n\nWeb:\nhttps://www.loobins.io/\n\n#infosec #blueteam\n\ncodeexplain.nvim\n\nA nvim plugin Powered by GPT4ALL for Real-time Code Explanation and Vulnerability Detection (no internet necessary).\n\nhttps://github.com/mthbernardes/codeexplain.nvim\n\n#cybersecurity #infosec\n\nCVE-2020-0683\n\nOriginal Poc sent to MSRC. Assigned to CVE-2020-0683 - Windows Installer Elevation of Privilege.\n\nhttps://github.com/padovah4ck/CVE-2020-0683\n\n#cve #cybersecurity #infosec\n\nCVE-2023-2825\n\nOn May 23, 2023 GitLab released version 16.0.1 which fixed a critical vulnerability, CVE-2023-2825, affecting the Community Edition (CE) and Enterprise Edition (EE) version 16.0.0. The vulnerability allows unauthenticated users to read arbitrary files through a path traversal bug. It was discovered by pwnie on HackerOne through the bug bounty program.\n\nhttps://github.com/Occamsec/CVE-2023-2825\n\n#cve #cybersecurity #infosec\n\n\ud83d\ude80 AllForOne\n\nThis repository contains a Python script that allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories, helping to streamline the process of downloading multiple templates using just a single repository.\n\nhttps://github.com/AggressiveUser/AllForOne\n\n#infosec #pentesting #bugbounty\n\nCVE-2023-2732\n\nMStore API <= 3.9.2 - Authentication Bypass\n\nhttps://github.com/RandomRobbieBF/CVE-2023-2732\n\n#cve #cybersecurity #infosec\n\nCVE-2023-30145\n\nCamaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.\n\nhttps://github.com/paragbagul111/CVE-2023-30145\n\n#cve #cybersecurity #infosec\n\nWhatMail\n\nA command-line tool that analyzes the header of an email and provides detailed information about various fields.\n\nhttps://github.com/z0m31en7/WhatMail\n\n#OSINT #cybersecurity #infosec\n\nlibslub\n\nlibslub is a python library to examine the SLUB managements structures and object allocations (the Linux kernel heap implementation). It is currently designed for use with GDB but could easily be adapted to work with other debuggers.\n\nIt helps understanding SLUB internals and developing Linux kernel exploits.\n\nhttps://github.com/nccgroup/libslub\n\n#cybersecurity #infosec\n\nHidden Desktop BOF\n\nHidden Desktop (often referred to as HVNC) is a tool that allows operators to interact with a remote desktop session without the user knowing.\u00a0 The VNC protocol is not involved, but the result is a similar experience. This Cobalt Strike BOF implementation was created as an alternative to TinyNuke/forks that are written in C++.\n\nhttps://github.com/WKL-Sec/HiddenDesktop\n\n#infosec #pentesting #redteam\n\nBlackout \n\nKill anti-malware protected processes using BYOVD. leveraging gmer driver to effectively disabling or killing EDRs and AVs.\n\nhttps://github.com/ZeroMemoryEx/Blackout\n\n#infosec \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-26T17:58:27.000000Z"}, {"uuid": "88efdad7-dc64-4149-8fba-fc5b50547b08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30145", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8368", "content": "#exploit\n1. CVE-2020-0683:\nWindows MSI \"Installer service\" EoP\nhttps://github.com/padovah4ck/CVE-2020-0683\n\n2. CVE-2023-30145:\nCamaleon CMS v2.7.0 - SSTI vulnerability\nhttps://github.com/paragbagul111/CVE-2023-30145\n\n3. CVE-2023-2732:\nMStore API <=3.9.2 - Authentication Bypass\nhttps://github.com/RandomRobbieBF/CVE-2023-2732", "creation_timestamp": "2023-05-26T11:05:13.000000Z"}, {"uuid": "8233bf6b-8466-43e9-b2ee-44e99d811c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30145", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51489", "content": "", "creation_timestamp": "2023-05-26T00:00:00.000000Z"}, {"uuid": "107006cb-f89f-4b0b-b2ab-a4e926d52b06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30145", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1972", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30145\n\ud83d\udd39 Description: Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.\n\ud83d\udccf Published: 2023-05-26T00:00:00\n\ud83d\udccf Modified: 2025-01-16T16:18:14.452Z\n\ud83d\udd17 References:\n1. https://portswigger.net/research/server-side-template-injection\n2. https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection\n3. https://drive.google.com/file/d/11MsSYqUnDRFjcwbQKJeL9Q8nWpgVYf2r/view?usp=share_link\n4. https://github.com/paragbagul111/CVE-2023-30145\n5. http://packetstormsecurity.com/files/172593/Camaleon-CMS-2.7.0-Server-Side-Template-Injection.html", "creation_timestamp": "2025-01-16T16:55:31.000000Z"}]}