{"vulnerability": "cve-2024-4823", "sightings": [{"uuid": "3ca34790-0f9d-4c77-91a2-24e17214db5f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48239", "type": "seen", "source": "https://t.me/cvedetector/9000", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48239 - \"WTCMS Plupload Cross Site Scripting Vulnerability\"\", \n  \"Content\": \"CVE ID : CVE-2024-48239 \nPublished : Oct. 25, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : An issue was discovered in WTCMS 1.0. In the plupload method in \\AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T01:27:17.000000Z"}, {"uuid": "3d443835-0353-4101-aeba-897006a12689", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48237", "type": "seen", "source": "https://t.me/cvedetector/8998", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48237 - WTCMS Incorrect Access Control\", \n  \"Content\": \"CVE ID : CVE-2024-48237 \nPublished : Oct. 25, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : WTCMS 1.0 is vulnerable to Incorrect Access Control in \\Common\\Controller\\HomebaseController.class.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T01:27:12.000000Z"}, {"uuid": "26342cca-16ab-4088-b65c-f55d7eb188ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48231", "type": "seen", "source": "https://t.me/cvedetector/8460", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48231 - Funadmin SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-48231 \nPublished : Oct. 21, 2024, 12:15 p.m. | 41\u00a0minutes ago \nDescription : Funadmin 5.0.2 is vulnerable to SQL Injection.via the selectFields parameter in the index method of \\app\\backend\\controller\\auth\\Auth.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"21 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-21T15:09:43.000000Z"}, {"uuid": "e1189424-934d-4866-b1f0-8f08a5b7d280", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48236", "type": "seen", "source": "https://t.me/cvedetector/8997", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48236 - Apache OFCMS Java Deserialization Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-48236 \nPublished : Oct. 25, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\\src\\main\\java\\com\\ofsoft\\cms\\core\\uitle\\FileUtils.java file \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T01:27:11.000000Z"}, {"uuid": "7254352c-65fe-4c63-83ab-12e5e43f9199", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48235", "type": "seen", "source": "https://t.me/cvedetector/8996", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48235 - Apache OFCMS Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-48235 \nPublished : Oct. 25, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T01:27:11.000000Z"}, {"uuid": "adb5b017-a79d-4bdc-a227-9a488a8161f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48234", "type": "seen", "source": "https://t.me/cvedetector/8994", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48234 - Mipjz SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-48234 \nPublished : Oct. 25, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : An issue was discovered in mipjz 5.0.5. In the push method of app\\tag\\controller\\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in Server-side request forgery (SSRF) vulnerability that can read server files. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T01:27:09.000000Z"}, {"uuid": "ca63d301-7c43-4c46-8cd3-4b9146e22a22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48238", "type": "seen", "source": "https://t.me/cvedetector/8999", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48238 - WTCMS SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-48238 \nPublished : Oct. 25, 2024, 10:15 p.m. | 42\u00a0minutes ago \nDescription : WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\\Controller\\NavControl.class.php via the parentid parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-26T01:27:16.000000Z"}, {"uuid": "f84357d7-0964-4aac-b28b-e0aa7bed366c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48232", "type": "seen", "source": "https://t.me/cvedetector/8986", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48232 - Mipjz SSRF Server-side Request Forgery\", \n  \"Content\": \"CVE ID : CVE-2024-48232 \nPublished : Oct. 25, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : An issue was found in mipjz 5.0.5. In the mipPost method of \\app\\setting\\controller\\ApiAdminTool.php, the value of the postAddress parameter is not processed and is directly passed into curl_exec execution and output, resulting in a Server-side request forgery (SSRF) vulnerability that can read server files. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T23:46:35.000000Z"}, {"uuid": "db296048-bc9e-4d41-a32e-2601e02330b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48230", "type": "seen", "source": "https://t.me/cvedetector/8985", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48230 - Funadmin SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-48230 \nPublished : Oct. 25, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : funadmin 5.0.2 is vulnerable to SQL Injection via the parentField parameter in the index method of \\backend\\controller\\auth\\Auth.php. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T23:46:34.000000Z"}, {"uuid": "c9b10fde-e67c-464b-9f41-002085c3a221", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-48233", "type": "seen", "source": "https://t.me/cvedetector/8983", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48233 - Mipjz ApiAdminSetting Cross Site Scripting (XSS)\", \n  \"Content\": \"CVE ID : CVE-2024-48233 \nPublished : Oct. 25, 2024, 9:15 p.m. | 31\u00a0minutes ago \nDescription : mipjz 5.0.5 is vulnerable to Cross Site Scripting (XSS) in \\app\\setting\\controller\\ApiAdminSetting.php via the ICP parameter. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"25 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-25T23:46:33.000000Z"}]}