{"vulnerability": "cve-2025-2819", "sightings": [{"uuid": "33bcd8ef-812f-4242-8ed2-63276bf417b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28198", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11855", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-28198\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.\n\ud83d\udccf Published: 2025-04-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-15T15:33:10.104Z\n\ud83d\udd17 References:\n1. https://github.com/Hitout/carsale/issues/24", "creation_timestamp": "2025-04-15T15:54:49.000000Z"}, {"uuid": "c4c207ca-1750-4624-b6bf-4ea7df453524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28197", "type": "seen", "source": "https://t.me/cvedetector/23345", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28197 - Crawl4AI SSRF\", \n  \"Content\": \"CVE ID : CVE-2025-28197 \nPublished : April 18, 2025, 8:15 p.m. | 29\u00a0minutes ago \nDescription : Crawl4AI <=0.4.247\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-18T23:16:08.000000Z"}, {"uuid": "3713f107-24d1-473b-b65e-bf47a9d7f865", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28198", "type": "seen", "source": "https://t.me/cvedetector/22962", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-28198 - Hitout Car Sale SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2025-28198 \nPublished : April 15, 2025, 4:16 p.m. | 1\u00a0hour ago \nDescription : A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"15 Apr 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-15T19:57:01.000000Z"}, {"uuid": "6feee971-b6a1-4517-9af6-51898b2565f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2819", "type": "seen", "source": "https://t.me/cvedetector/21189", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-2819 - GT-SoftControl File Upload Vulnerability (Path Traversal)\", \n  \"Content\": \"CVE ID : CVE-2025-2819 \nPublished : March 26, 2025, 3:16 p.m. | 1\u00a0hour, 27\u00a0minutes ago \nDescription : There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user. \nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"26 Mar 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-03-26T18:04:13.000000Z"}, {"uuid": "86b011da-6ba0-4e67-916c-43e655c044ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-2819", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8861", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2819\n\ud83d\udd25 CVSS Score: 6.6 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L)\n\ud83d\udd39 Description: There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient validation in the file selection process. This could lead to data integrity issues and unauthorized access by an authenticated privileged user.\n\ud83d\udccf Published: 2025-03-26T14:49:38.291Z\n\ud83d\udccf Modified: 2025-03-26T15:17:46.739Z\n\ud83d\udd17 References:\n1. https://www.bizerba.com/downloads/global/information-security/2025/bizerba-sa-2025-0001.pdf", "creation_timestamp": "2025-03-26T15:26:03.000000Z"}, {"uuid": "9c83847c-da31-4069-9c27-d94fe965b8e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28198", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmuqaknawq2b", "content": "", "creation_timestamp": "2025-04-15T18:43:58.800526Z"}, {"uuid": "be7a75ed-5253-4aca-ba84-a17f83deb945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28197", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3ln4hrgv6aw2l", "content": "", "creation_timestamp": "2025-04-18T20:33:45.584582Z"}, {"uuid": "179b4090-c438-4ce9-a31f-41c055cbd4c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-28197", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114382402348366712", "content": "", "creation_timestamp": "2025-04-22T15:49:16.405692Z"}]}