{"vulnerability": "cve-2023-2980", "sightings": [{"uuid": "d310f910-9a70-44f9-b5fa-8271b585e968", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29809", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2927", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29809\n\ud83d\udd39 Description: SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T15:39:15.478Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/51422\n2. https://packetstormsecurity.com/files/172146/Companymaps-8.0-SQL-Injection.html\n3. https://github.com/zPrototype/CVE-2023-29809", "creation_timestamp": "2025-01-24T16:04:51.000000Z"}, {"uuid": "7d53fa58-9036-4dc3-a6c0-58c0c9ea4abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29808", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2924", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29808\n\ud83d\udd39 Description: Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T15:41:32.702Z\n\ud83d\udd17 References:\n1. https://github.com/vogtmh/cmaps\n2. https://github.com/zPrototype/CVE-2023-29808\n3. https://packetstormsecurity.com/files/172145/Companymaps-8.0-Cross-Site-Scripting.html", "creation_timestamp": "2025-01-24T16:04:45.000000Z"}, {"uuid": "c53c8673-63d0-4d48-8512-0b8ce984cdd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-2980", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/1199", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-2980\n\ud83d\udd39 Description: A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212.\n\ud83d\udccf Published: 2023-05-30T14:31:03.238Z\n\ud83d\udccf Modified: 2025-01-10T17:31:19.346Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.230212\n2. https://vuldb.com/?ctiid.230212\n3. https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421\n4. https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be", "creation_timestamp": "2025-01-10T18:03:49.000000Z"}, {"uuid": "5c46a1f7-0ad4-4d5c-9d07-ec862c956cfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29805", "type": "seen", "source": "https://t.me/cibsecurity/62150", "content": "\u203c CVE-2023-29805 \u203c\n\nWFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T18:25:55.000000Z"}, {"uuid": "318dc2ac-7503-4518-ab9b-5e6bb3208d7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29803", "type": "seen", "source": "https://t.me/cibsecurity/62145", "content": "\u203c CVE-2023-29803 \u203c\n\nTOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T18:25:48.000000Z"}, {"uuid": "e38c9153-6471-4e0e-af79-9d20a6f7fefb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29809", "type": "exploited", "source": "https://www.exploit-db.com/exploits/51422", "content": "", "creation_timestamp": "2023-05-05T00:00:00.000000Z"}, {"uuid": "23355895-097c-46d2-ac9f-f8d13924b17f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29801", "type": "seen", "source": "https://t.me/cibsecurity/62158", "content": "\u203c CVE-2023-29801 \u203c\n\nTOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T18:26:06.000000Z"}, {"uuid": "988eac20-1720-4c34-ae3f-1e17196fcb84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-29802", "type": "seen", "source": "https://t.me/cibsecurity/62155", "content": "\u203c CVE-2023-29802 \u203c\n\nTOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T18:26:03.000000Z"}]}