{"vulnerability": "cve-2023-3015", "sightings": [{"uuid": "46acf686-93d4-4be3-9c17-5ea25bba48cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30151", "type": "seen", "source": "https://t.me/kasraone_com/429", "content": "\ud83d\udd34 CVE\n      CVE-2023-37744\n\n\n\u0633\u06cc\u0633\u062a\u0645 \u0645\u062f\u06cc\u0631\u06cc\u062a \u0627\u0633\u062a\u062e\u062f\u0627\u0645 \u062e\u062f\u0645\u062a\u06a9\u0627\u0631 \u062e\u0627\u0646\u0647 \u0628\u0647 \u0646\u0633\u062e\u0647 1.0 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f \u06a9\u0647 \u062d\u0627\u0648\u06cc \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc cross-site scripting (XSS) \u0627\u0632 \u0637\u0631\u06cc\u0642 \u0628\u062e\u0634\n /admin/search-booking-request.php \n\u0627\u0633\u062a\n\n\n    CVE-2023-30151\n\n\u062b\u0628\u062a \u062a\u0632\u0631\u06cc\u0642 SQL \u062f\u0631 \u0645\u0627\u0698\u0648\u0644 Boxtal (envoimoinscher) \u0628\u0631\u0627\u06cc PrestaShop\u060c \u067e\u0633 \u0627\u0632 \u0646\u0633\u062e\u0647 3.1.10\u060c \u0628\u0647 \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0627\u0632 \u0631\u0627\u0647 \u062f\u0648\u0631 \u0648\u0627\u0631\u062f \u0634\u062f\u0647 \u0627\u062c\u0627\u0632\u0647 \u0645\u06cc \u062f\u0647\u062f \u062a\u0627 \u0628\u0627 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u067e\u0627\u0631\u0627\u0645\u062a\u0631 GET \u06a9\u0644\u06cc\u062f \u062f\u0633\u062a\u0648\u0631\u0627\u062a \u062e\u0648\u062f \u0631\u0627 \u0627\u062c\u0631\u0627 \u06a9\u0646\u0646\u062f.", "creation_timestamp": "2023-08-04T11:10:09.000000Z"}, {"uuid": "f9e01961-3446-402f-934b-ef16c227eaeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-30154", "type": "seen", "source": "https://t.me/cibsecurity/72278", "content": "\u203c CVE-2023-30154 \u203c\n\nMultiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-14T07:29:30.000000Z"}]}