{"vulnerability": "cve-2023-3457", "sightings": [{"uuid": "dbbf4ccd-2a28-40f6-9d35-2c50aad29d00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34577", "type": "seen", "source": "https://t.me/cibsecurity/70907", "content": "\u203c CVE-2023-34577 \u203c\n\nSQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T20:31:04.000000Z"}, {"uuid": "3a8b59ed-8ffc-48f5-8baa-19d96a717137", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34571", "type": "seen", "source": "https://t.me/cibsecurity/65072", "content": "\u203c CVE-2023-34571 \u203c\n\nTenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-08T18:16:01.000000Z"}, {"uuid": "1fcdc53e-b29e-4173-b1fa-4ed7bcef3ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34570", "type": "seen", "source": "https://t.me/cibsecurity/65071", "content": "\u203c CVE-2023-34570 \u203c\n\nTenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-08T18:16:00.000000Z"}, {"uuid": "3ae5d0ca-34a8-4a59-a980-3b673e260f23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34575", "type": "seen", "source": "https://t.me/cibsecurity/70862", "content": "\u203c CVE-2023-34575 \u203c\n\nSQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T09:44:37.000000Z"}, {"uuid": "f2ef1a31-6d47-4b06-8386-05f5c7073e35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34570", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/215", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34570\n\ud83d\udd39 Description: Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName.\n\ud83d\udccf Published: 2023-06-08T00:00:00\n\ud83d\udccf Modified: 2025-01-06T20:28:49.677Z\n\ud83d\udd17 References:\n1. https://hackmd.io/%400dayResearch/S1eI91_l2", "creation_timestamp": "2025-01-06T20:48:43.000000Z"}, {"uuid": "82a1723c-a93e-411d-9e04-02118d71c3ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3457", "type": "seen", "source": "https://t.me/arpsyndicate/2375", "content": "#ExploitObserverAlert\n\nCVE-2023-3457\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2023-3457. A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.\n\nFIRST-EPSS: 0.000770000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-03T22:54:24.000000Z"}, {"uuid": "d080642c-fd23-4426-ad06-ff06854bc89e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34576", "type": "seen", "source": "https://t.me/cibsecurity/70926", "content": "\u203c CVE-2023-34576 \u203c\n\nSQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-22T00:36:09.000000Z"}, {"uuid": "b617ebf9-980f-4262-9b4e-1440a9a91a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-3457", "type": "seen", "source": "https://t.me/cibsecurity/65725", "content": "\u203c CVE-2023-3457 \u203c\n\nA vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-29T18:14:30.000000Z"}, {"uuid": "aaadaf2b-bcca-48c6-975e-e637bcc8fd8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-34571", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/222", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-34571\n\ud83d\udd39 Description: Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet.\n\ud83d\udccf Published: 2023-06-08T00:00:00\n\ud83d\udccf Modified: 2025-01-06T20:22:07.202Z\n\ud83d\udd17 References:\n1. https://hackmd.io/%400dayResearch/S1GcUxzSn", "creation_timestamp": "2025-01-06T20:49:42.000000Z"}]}