{"vulnerability": "CVE-2020-1420", "sightings": [{"uuid": "c67aa3c4-c9ee-44e7-b33a-003df255f11a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14209", "type": "seen", "source": "MISP/f1c584cb-ef68-4a56-bffc-6460023b6d45", "content": "", "creation_timestamp": "2024-11-14T06:08:49.000000Z"}, {"uuid": "d2c3dd73-02d6-4684-aef8-1992a4ef2503", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14209", "type": "seen", "source": "https://t.me/arpsyndicate/4847", "content": "#ExploitObserverAlert\n\nCVE-2020-14209\n\nDESCRIPTION: Exploit Observer has 10 entries in 4 file formats related to CVE-2020-14209. Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism).\n\nFIRST-EPSS: 0.010500000\nNVD-IS: 5.9\nNVD-ES: 2.8\nARPS-PRIORITY: 0.8573414", "creation_timestamp": "2024-04-25T19:31:11.000000Z"}, {"uuid": "d995b58b-485d-4d43-b80b-aa2006820474", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14208", "type": "seen", "source": "https://t.me/cibsecurity/17399", "content": "\u203c CVE-2020-14208 \u203c\n\nSuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T06:25:21.000000Z"}, {"uuid": "7e190032-a208-4e60-beb7-867ee1a11b4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14205", "type": "seen", "source": "https://t.me/cibsecurity/17270", "content": "\u203c CVE-2020-14205 \u203c\n\nThe DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-08T22:31:16.000000Z"}, {"uuid": "8e6ed383-15a2-4895-b09a-a0fe12ad4e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-14208", "type": "seen", "source": "https://t.me/cibsecurity/16565", "content": "\u203c CVE-2020-14208 \u203c\n\nSuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-19T00:40:42.000000Z"}]}