{"vulnerability": "cve-2020-2029", "sightings": [{"uuid": "5aebe709-3744-4f95-8107-e6e5e5fe6037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20290", "type": "seen", "source": "https://t.me/cibsecurity/22911", "content": "\u203c CVE-2020-20290 \u203c\n\nDirectory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T21:25:10.000000Z"}, {"uuid": "b427d8a5-a58f-41f0-815d-2abc55443822", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20296", "type": "seen", "source": "https://t.me/cibsecurity/22908", "content": "\u203c CVE-2020-20296 \u203c\n\nAn issue was found in CMSWing project version 1.3.8, Because the rechargeAction function does not check the balance parameter, malicious parameters can execute arbitrary SQL commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T21:25:07.000000Z"}, {"uuid": "ef9ec410-dee5-4cbc-9290-13ff78d79ef1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20294", "type": "seen", "source": "https://t.me/Yemen_Shield/714", "content": "NEW: CVE-2020-20294 Police cars revolving light An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. Severity: CRITICAL https://t.co/borCWA6u6u\n\nhttps://twitter.com/HackrawiX", "creation_timestamp": "2021-02-06T01:49:59.000000Z"}, {"uuid": "db56b26e-c697-4de4-a574-e4ed22d3e49c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20298", "type": "seen", "source": "https://t.me/cibsecurity/21087", "content": "\u203c CVE-2020-20298 \u203c\n\nEval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T22:44:07.000000Z"}, {"uuid": "9971fab9-12be-4292-a84d-0aaf6de2fed8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20294", "type": "seen", "source": "https://t.me/cibsecurity/22917", "content": "\u203c CVE-2020-20294 \u203c\n\nAn issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T21:25:16.000000Z"}, {"uuid": "1aa5fa1d-b1c0-4234-a236-bbf3586c735a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20295", "type": "seen", "source": "https://t.me/cibsecurity/22914", "content": "\u203c CVE-2020-20295 \u203c\n\nAn issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T21:25:13.000000Z"}, {"uuid": "22033533-378c-4e52-8093-c82e00bcf74f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-20299", "type": "seen", "source": "https://t.me/cibsecurity/21095", "content": "\u203c CVE-2020-20299 \u203c\n\nWeiPHP 5.0 does not properly restrict access to pages, related to using POST.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-18T22:44:15.000000Z"}]}