{"vulnerability": "cve-2023-4496", "sightings": [{"uuid": "173bed3e-91f5-4660-8adb-d35e5989e8eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-44962", "type": "seen", "source": "https://t.me/cibsecurity/72136", "content": "\u203c CVE-2023-44962 \u203c\n\nFile Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T22:17:35.000000Z"}, {"uuid": "20430675-73c7-4217-a89b-fbe17b5e37ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-4496", "type": "seen", "source": "https://t.me/cibsecurity/71580", "content": "\u203c CVE-2023-4496 \u203c\n\nEasy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-04T16:12:15.000000Z"}, {"uuid": "77b623f8-922a-4394-a420-17e9c637ef08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-44962", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5363", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPoC for CVE-2023-44962\nURL\uff1ahttps://github.com/ggb0n/CVE-2023-44962\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-11T04:59:54.000000Z"}, {"uuid": "ed88af03-22fe-4eb4-a965-d5c02020756b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-44961", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5287", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPoC for CVE-2023-44961\nURL\uff1ahttps://github.com/ggb0n/CVE-2023-44961\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-10-05T07:34:06.000000Z"}, {"uuid": "d692fd41-3a17-4e59-8551-2f47c8c2d32d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-44962", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9151", "content": "#exploit\n1. CVE-2023-21275:\nGoogle Android AdminIntegFlowPrepareActivity*java LPE\nhttps://github.com/Trinadh465/packages_apps_ManagedProvisioning_AOSP10_r33_CVE-2023-21275\n\n2. CVE-2023-44962:\nUploading archive files containing symbolic links in\u00a0upload-cover-image*pl\u00a0can leak some of the content of the linked files\nhttps://github.com/ggb0n/CVE-2023-44962", "creation_timestamp": "2023-10-06T11:01:41.000000Z"}, {"uuid": "30c534cc-9b01-40e1-9502-c91c0db8f71b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-44961", "type": "seen", "source": "https://t.me/cibsecurity/72134", "content": "\u203c CVE-2023-44961 \u203c\n\nSQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-11T22:17:33.000000Z"}, {"uuid": "c5409299-6b96-458c-97eb-b7bfed8f5c67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-44962", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/1280", "content": "#exploit\n1. CVE-2023-21275:\nGoogle Android AdminIntegFlowPrepareActivity*java LPE\nhttps://github.com/Trinadh465/packages_apps_ManagedProvisioning_AOSP10_r33_CVE-2023-21275\n\n2. CVE-2023-44962:\nUploading archive files containing symbolic links in\u00a0upload-cover-image*pl\u00a0can leak some of the content of the linked files\nhttps://github.com/ggb0n/CVE-2023-44962", "creation_timestamp": "2024-08-16T08:32:29.000000Z"}]}