{"vulnerability": "CVE-2024-2527", "sightings": [{"uuid": "6c2890e0-e790-49d8-aeda-8c3e65c825fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25270", "type": "seen", "source": "https://t.me/cvedetector/5521", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-25270 - Mirapolis LMS IDOR Disclosure\", \n  \"Content\": \"CVE ID : CVE-2024-25270 \nPublished : Sept. 12, 2024, 7:15 p.m. | 35\u00a0minutes ago \nDescription : An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-12T21:53:44.000000Z"}, {"uuid": "057c25c8-c4b7-4776-ac70-ba526b1e2edd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25274", "type": "seen", "source": "https://t.me/arpsyndicate/3774", "content": "#ExploitObserverAlert\n\nCVE-2024-25274\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25274. An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.", "creation_timestamp": "2024-02-21T13:38:51.000000Z"}, {"uuid": "be5ac228-a14f-44e1-90ca-3de7d040e6b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2527", "type": "seen", "source": "https://t.me/ctinow/209124", "content": "https://ift.tt/IBeZs8K\nCVE-2024-2527 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /admin/rooms.php room_id sql injection", "creation_timestamp": "2024-03-15T21:01:21.000000Z"}, {"uuid": "6528b9e5-92f1-4efd-833e-571e52cf8798", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25274", "type": "seen", "source": "https://t.me/ctinow/188765", "content": "https://ift.tt/oI4rUiB\nCVE-2024-25274", "creation_timestamp": "2024-02-20T17:25:55.000000Z"}, {"uuid": "5b3647c9-4dc4-40ed-bf5a-bf79a2e71f51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2527", "type": "seen", "source": "https://t.me/ctinow/209703", "content": "https://ift.tt/53Gfcao\nCVE-2024-2527", "creation_timestamp": "2024-03-16T20:26:15.000000Z"}, {"uuid": "0581687f-912c-4ec7-9dee-9a3e3df2a73e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2527", "type": "seen", "source": "https://t.me/ctinow/209701", "content": "https://ift.tt/53Gfcao\nCVE-2024-2527", "creation_timestamp": "2024-03-16T20:21:40.000000Z"}, {"uuid": "96e40c74-768b-4c04-9ccf-b3016eeb8dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25274", "type": "seen", "source": "https://t.me/ctinow/188754", "content": "https://ift.tt/oI4rUiB\nCVE-2024-25274", "creation_timestamp": "2024-02-20T17:25:41.000000Z"}, {"uuid": "781ad7db-5fcb-4bce-9908-254fad114464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25270", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8711", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-25270\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.\n\ud83d\udccf Published: 2024-09-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-25T16:10:42.384Z\n\ud83d\udd17 References:\n1. https://github.com/fbkcs/CVE-2024-25270", "creation_timestamp": "2025-03-25T16:25:18.000000Z"}, {"uuid": "bbd3d2cf-e029-4fb0-8cf1-7fc880126b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2527", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11351", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-2527\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2024-03-16T19:00:06.225Z\n\ud83d\udccf Modified: 2025-04-10T20:30:11.355Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.256964\n2. https://vuldb.com/?ctiid.256964\n3. https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md", "creation_timestamp": "2025-04-10T20:49:52.000000Z"}]}