{"vulnerability": "CVE-2023-3891", "sightings": [{"uuid": "5eade2c6-b4fd-4036-b7f7-b0dd38e8a9a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38913", "type": "seen", "source": "https://gist.github.com/nguyenkhanhthuan/03ce706686508b14506d38788c754dfb", "content": "", "creation_timestamp": "2025-12-11T02:16:03.000000Z"}, {"uuid": "80d746f3-8f28-4407-b1ce-9e81cdb48d78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38912", "type": "seen", "source": "https://t.me/cibsecurity/70564", "content": "\u203c CVE-2023-38912 \u203c\n\nSQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-15T00:24:51.000000Z"}, {"uuid": "6e971fae-384b-4068-8f1a-d91f8e3539ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38911", "type": "seen", "source": "https://t.me/cibsecurity/68845", "content": "\u203c CVE-2023-38911 \u203c\n\nA Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-18T22:38:28.000000Z"}, {"uuid": "2764802e-ed49-46c9-b3fe-49e23689845c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38916", "type": "seen", "source": "https://t.me/cibsecurity/68547", "content": "\u203c CVE-2023-38916 \u203c\n\nSQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T20:30:44.000000Z"}, {"uuid": "c5044ced-4e3c-47db-a356-bac4bf9bd419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38915", "type": "seen", "source": "https://t.me/cibsecurity/68550", "content": "\u203c CVE-2023-38915 \u203c\n\nFile Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-15T20:30:47.000000Z"}, {"uuid": "5707c34d-8ef8-4133-8363-980be5c9d407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-38910", "type": "seen", "source": "https://t.me/cibsecurity/68843", "content": "\u203c CVE-2023-38910 \u203c\n\nCSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-18T22:38:26.000000Z"}]}