{"vulnerability": "CVE-2025-4483", "sightings": [{"uuid": "a7990b41-aa45-486e-a07f-2d24e087a9d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44830", "type": "seen", "source": "https://t.me/cvedetector/25106", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-44830 - EngineerCMS SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2025-44830 \nPublished : May 12, 2025, 4:15 p.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"12 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-12T21:08:15.000000Z"}, {"uuid": "baf0010c-bde4-4fdb-b2f0-842517beff2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44838", "type": "seen", "source": "https://t.me/cvedetector/24234", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-44838 - TOTOLINK CPE CP900 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-44838 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setUploadUserData function via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:22.000000Z"}, {"uuid": "43c87a7b-6cfe-41e3-8460-7b51c655182f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44837", "type": "seen", "source": "https://t.me/cvedetector/24233", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-44837 - Totolink CPE CP900 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-44837 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the url or magicid parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:21.000000Z"}, {"uuid": "4216c333-69e5-4807-8748-b0846175dffa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44836", "type": "seen", "source": "https://t.me/cvedetector/24232", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-44836 - TOTOLINK CPE CP900 Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-44836 \nPublished : May 1, 2025, 3:16 p.m. | 1\u00a0hour, 9\u00a0minutes ago \nDescription : TOTOLINK CPE CP900 V6.3c.1144_B20190715 was discovered to contain a command injection vulnerability in the setApRebootScheCfg function via the hour or minute parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T19:01:20.000000Z"}, {"uuid": "47035dba-ddd7-4c9d-9a43-af8ba75d0616", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4483", "type": "seen", "source": "Telegram/75NSb9F_R4fu9qv-QQvoI2QyehVHqHDGkOlpqCZTQx9z33k", "content": "", "creation_timestamp": "2025-05-09T20:00:31.000000Z"}, {"uuid": "2aaab48f-b543-49fb-b037-a8479bb784e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44839", "type": "seen", "source": "https://t.me/cvedetector/24255", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-44839 - TOTOLINK CA600-PoE Command Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-44839 \nPublished : May 1, 2025, 5:15 p.m. | 1\u00a0hour, 14\u00a0minutes ago \nDescription : TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"01 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-01T20:41:54.000000Z"}, {"uuid": "2dcfa760-9f63-4a38-8298-d9cdf26da7b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4483", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lori7bwj4k2r", "content": "", "creation_timestamp": "2025-05-09T22:32:28.933371Z"}, {"uuid": "47c80989-3c2c-4bfe-89e2-a826ecbd1252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44839", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-44839\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: TOTOLINK CA600-PoE V5.3c.6665_B20180820 was found to contain a command injection vulnerability in the CloudSrvUserdataVersionCheck function via the magicid parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.\n\ud83d\udccf Published: 2025-05-01T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T17:00:36.506Z\n\ud83d\udd17 References:\n1. https://github.com/Summermu/VulnForIoT/tree/main/Totolink_CA600-PoE/CloudSrvUserdataVersionCheck_magicid/readme.md", "creation_timestamp": "2025-05-01T17:15:11.000000Z"}, {"uuid": "f07068be-4bec-469d-9853-a23893162255", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44830", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16059", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-44830\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: EngineerCMS v1.02 through v.2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.\n\ud83d\udccf Published: 2025-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T22:07:13.247Z\n\ud83d\udd17 References:\n1. https://github.com/3xxx/engineercms/issues/90\n2. https://gist.github.com/LTLTLXEY/e00ec21b730742ef432a7a560cd9b70a", "creation_timestamp": "2025-05-12T22:29:09.000000Z"}, {"uuid": "5d0eac1a-686b-4263-8396-dd9e7588f0a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44831", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16148", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-44831\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.\n\ud83d\udccf Published: 2025-05-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T15:04:49.383Z\n\ud83d\udd17 References:\n1. https://github.com/3xxx/engineercms/issues/91", "creation_timestamp": "2025-05-13T15:31:22.000000Z"}, {"uuid": "680783cd-637c-46ba-84a9-0e3fa761a94b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4483", "type": "seen", "source": "https://t.me/cvedetector/24977", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-4483 - iSourcecode Gym Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-4483 \nPublished : May 9, 2025, 6:16 p.m. | 1\u00a0hour, 59\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_pdetails.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 7.3 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-09T22:54:07.000000Z"}, {"uuid": "5efc7629-67ad-459e-85bf-6eb4f7e56938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-4483", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3loqzljgxm5q2", "content": "", "creation_timestamp": "2025-05-09T18:12:31.445394Z"}, {"uuid": "399cda4c-9eef-4cc0-aafc-996c7dd9e88e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44830", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lozb4rw23q2t", "content": "", "creation_timestamp": "2025-05-13T00:47:07.177294Z"}, {"uuid": "daa7c952-97da-457f-aff6-4bf6968b3682", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-44831", "type": "seen", "source": "https://t.me/cvedetector/25215", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-44831 - EngineerCMS SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-44831 \nPublished : May 13, 2025, 3:15 p.m. | 1\u00a0hour, 58\u00a0minutes ago \nDescription : EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 May 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-05-13T19:44:02.000000Z"}]}