{"uuid": "6bd09de3-83bb-48fb-b53a-1a0f5accc39e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2744", "type": "seen", "source": "https://t.me/arpsyndicate/2301", "content": "#ExploitObserverAlert\n\nCVE-2023-2744\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2744. The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n\nFIRST-EPSS: 0.000790000\nNVD-IS: 5.9\nNVD-ES: 1.2", "creation_timestamp": "2024-01-01T05:59:02.000000Z"}