{"vulnerability": "cve-2023-2784", "sightings": [{"uuid": "e605f70a-ca6e-4bee-ab6f-c811c6952265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27842", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7945", "content": "#exploit\n1. CVE-2023-23396:\nMicrosoft Excel DoS Vulnerability\nhttps://github.com/LucaBarile/CVE-2023-23396\n\n2. CVE-2023-27842:\neXtplorer 2.1.15 - Insecure Permissions following RCE (Authenticated)\nhttps://github.com/tristao-marinho/CVE-2023-27842\n\n3. CVE-2023-27587:\nReadtoMyShoe - Generation of Error Message Containing Sensitive Information\nhttps://github.com/sec-fx/CVE-2023-27587-PoC", "creation_timestamp": "2023-03-17T11:01:01.000000Z"}, {"uuid": "98e39d75-b7a4-4cf8-b4ac-76029edfbf17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27842", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5545", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27842\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent\n\ud83d\udccf Published: 2023-03-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-26T17:11:02.653Z\n\ud83d\udd17 References:\n1. http://blog.tristaomarinho.com/extplorer-2-1-15-insecure-permissions-following-remote-code-execution/\n2. http://extplorer.net/\n3. http://extplorer.net/attachments/download/99/eXtplorer_2.1.15.zip\n4. https://github.com/tristao-marinho/CVE-2023-27842/blob/main/README.md\n5. https://github.com/tristao-marinho/CVE-2023-27842", "creation_timestamp": "2025-02-26T17:24:18.000000Z"}, {"uuid": "8aa21eb5-2217-4a94-b8da-f493e54b088c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27843", "type": "seen", "source": "Telegram/I_V4j7Y9M_vNjG4pa_v5MNwDKORvTUvgAIINqY1bdU8AcHbO", "content": "", "creation_timestamp": "2025-02-06T02:40:19.000000Z"}, {"uuid": "72dd0426-1bca-47f2-9cff-c97e73783e71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27844", "type": "seen", "source": "https://t.me/cibsecurity/62273", "content": "\u203c CVE-2023-27844 \u203c\n\nSQL injection vulnerability found in PrestaShopleurlrewrite v.1.0 and before allow a remote attacker to gain privileges via the Dispatcher::getController component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-17T16:38:46.000000Z"}, {"uuid": "871df753-9024-43ab-b55d-08d4b43beb3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27842", "type": "seen", "source": "https://t.me/cibsecurity/60380", "content": "\u203c CVE-2023-27842 \u203c\n\nInsecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-21T17:34:56.000000Z"}, {"uuid": "550272ca-3367-4e10-8dc2-176199226a0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27843", "type": "seen", "source": "https://t.me/cibsecurity/62883", "content": "\u203c CVE-2023-27843 \u203c\n\nSQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T07:30:33.000000Z"}, {"uuid": "bed984d2-a6fb-4e52-a98d-3d01270c36cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27849", "type": "seen", "source": "https://t.me/cibsecurity/62753", "content": "\u203c CVE-2023-27849 \u203c\n\nrails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T22:19:49.000000Z"}, {"uuid": "e5159c37-52da-4fbd-a167-bcc1eb61e0fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27848", "type": "seen", "source": "https://t.me/cibsecurity/62748", "content": "\u203c CVE-2023-27848 \u203c\n\nbroccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-24T22:19:41.000000Z"}, {"uuid": "3a7bfa6a-ec7d-42be-a874-9d0c2e688b61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27847", "type": "seen", "source": "https://t.me/cibsecurity/60820", "content": "\u203c CVE-2023-27847 \u203c\n\nSQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-27T20:56:08.000000Z"}, {"uuid": "8a48a6fb-2d8b-4045-b71d-d2b29d1308d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-27845", "type": "seen", "source": "https://t.me/cibsecurity/66201", "content": "\u203c CVE-2023-27845 \u203c\n\nSQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-07T20:17:50.000000Z"}]}