{"vulnerability": "CVE-2020-1356", "sightings": [{"uuid": "2b5953f5-faf8-425d-9671-071a959aec1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13563", "type": "seen", "source": "https://t.me/cibsecurity/22902", "content": "\u203c CVE-2020-13563 \u203c\n\nA cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template group_id parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T19:25:15.000000Z"}, {"uuid": "cdd4bd89-97a1-4699-a102-c503de738b4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13567", "type": "seen", "source": "https://t.me/cibsecurity/41015", "content": "\u203c CVE-2020-13567 \u203c\n\nMultiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-24T18:34:38.000000Z"}, {"uuid": "36387916-5bb2-4a54-bd97-75018efeb139", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13561", "type": "seen", "source": "https://t.me/cibsecurity/23415", "content": "\u203c CVE-2020-13561 \u203c\n\nAn out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. 
An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-11T00:41:51.000000Z"}, {"uuid": "92487a51-9ab6-4822-8ce7-b74a88e3dd2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13564", "type": "seen", "source": "https://t.me/cibsecurity/22899", "content": "\u203c CVE-2020-13564 \u203c\n\nA cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template acl_id parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T19:25:13.000000Z"}, {"uuid": "76be98b3-a51f-4092-9bc8-b169e7fa79e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13569", "type": "seen", "source": "https://t.me/cibsecurity/22786", "content": "\u203c CVE-2020-13569 \u203c\n\nA cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. 
An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-28T16:38:27.000000Z"}, {"uuid": "a3a09e9e-f940-4bf8-b82e-3747a6f2a1f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13562", "type": "seen", "source": "https://t.me/cibsecurity/22900", "content": "\u203c CVE-2020-13562 \u203c\n\nA cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T19:25:14.000000Z"}, {"uuid": "a211407c-3300-4403-b2d8-950b5b1e7c74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13560", "type": "seen", "source": "https://t.me/cibsecurity/21175", "content": "\u203c CVE-2020-13560 \u203c\n\nA use after free vulnerability exists in the JavaScript engine of Foxit Software\u2019s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. 
If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-22T20:53:23.000000Z"}, {"uuid": "56b6112e-c652-43b3-b981-171289921f59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13566", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2599", "content": "Multiple vulnerabilities in phpGACL class (CVE-2020-13562 - CVE-2020-13564, CVE-2020-13565, CVE-2020-13569, CVE-2020-13566 - CVE-2020-13568) (PoC)\nhttps://blog.talosintelligence.com/2021/01/vuln-spotlight-php-gacl-openemr.html", "creation_timestamp": "2022-06-07T18:49:49.000000Z"}, {"uuid": "3e08d73c-003c-40e7-b5f5-a96ffd870ff6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13564", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2599", "content": "Multiple vulnerabilities in phpGACL class (CVE-2020-13562 - CVE-2020-13564, CVE-2020-13565, CVE-2020-13569, CVE-2020-13566 - CVE-2020-13568) (PoC)\nhttps://blog.talosintelligence.com/2021/01/vuln-spotlight-php-gacl-openemr.html", "creation_timestamp": "2022-06-07T18:49:49.000000Z"}, {"uuid": "50e4e24b-1de5-431c-af01-54b11dbe08f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13565", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2599", "content": "Multiple vulnerabilities in phpGACL class (CVE-2020-13562 - CVE-2020-13564, CVE-2020-13565, CVE-2020-13569, CVE-2020-13566 - CVE-2020-13568) (PoC)\nhttps://blog.talosintelligence.com/2021/01/vuln-spotlight-php-gacl-openemr.html", "creation_timestamp": 
"2022-06-07T18:49:49.000000Z"}, {"uuid": "823a8796-8bd0-4f03-94dc-a19175404df1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13562", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2599", "content": "Multiple vulnerabilities in phpGACL class (CVE-2020-13562 - CVE-2020-13564, CVE-2020-13565, CVE-2020-13569, CVE-2020-13566 - CVE-2020-13568) (PoC)\nhttps://blog.talosintelligence.com/2021/01/vuln-spotlight-php-gacl-openemr.html", "creation_timestamp": "2022-06-07T18:49:49.000000Z"}, {"uuid": "b410ed6a-06bc-476d-8bcd-094d8237c9dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13569", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2599", "content": "Multiple vulnerabilities in phpGACL class (CVE-2020-13562 - CVE-2020-13564, CVE-2020-13565, CVE-2020-13569, CVE-2020-13566 - CVE-2020-13568) (PoC)\nhttps://blog.talosintelligence.com/2021/01/vuln-spotlight-php-gacl-openemr.html", "creation_timestamp": "2022-06-07T18:49:49.000000Z"}, {"uuid": "cab8c16d-9e65-44e3-9046-6f854f5baaa5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-13568", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2599", "content": "Multiple vulnerabilities in phpGACL class (CVE-2020-13562 - CVE-2020-13564, CVE-2020-13565, CVE-2020-13569, CVE-2020-13566 - CVE-2020-13568) (PoC)\nhttps://blog.talosintelligence.com/2021/01/vuln-spotlight-php-gacl-openemr.html", "creation_timestamp": "2022-06-07T18:49:49.000000Z"}]}