{"vulnerability": "CVE-2020-1915", "sightings": [{"uuid": "be3b33be-b1cd-4822-b7d7-803d80f564fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19154", "type": "seen", "source": "https://t.me/cibsecurity/28900", "content": "\u203c CVE-2020-19154 \u203c\n\nImproper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:20.000000Z"}, {"uuid": "c3f08682-5076-4fb4-9421-56ed4c0ef914", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19155", "type": "seen", "source": "https://t.me/cibsecurity/28899", "content": "\u203c CVE-2020-19155 \u203c\n\nImproper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:19.000000Z"}, {"uuid": "cc850ecb-d9fa-49f0-93ef-74043e6000c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19156", "type": "seen", "source": "https://t.me/cibsecurity/28913", "content": "\u203c CVE-2020-19156 \u203c\n\nCross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:42.000000Z"}, {"uuid": "639aec1c-e45f-413a-ac7d-e81a96e2d9c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19150", "type": "seen", "source": "https://t.me/cibsecurity/28912", "content": "\u203c CVE-2020-19150 \u203c\n\nImproper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:41.000000Z"}, {"uuid": "d960f5a0-5089-461d-b840-5c1fb7825262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19159", "type": "seen", "source": "https://t.me/cibsecurity/28911", "content": "\u203c CVE-2020-19159 \u203c\n\nCross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attackers to execute arbitrary code via the component '/index.php?module=member&action=add'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:37.000000Z"}, {"uuid": "f96c7586-b3b0-4006-bd50-b865281bb22e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19158", "type": "seen", "source": "https://t.me/cibsecurity/28908", "content": "\u203c CVE-2020-19158 \u203c\n\nCross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:34.000000Z"}, {"uuid": "8fa68635-b2fa-448a-89c3-a4d7ed85a9da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19151", "type": "seen", "source": "https://t.me/cibsecurity/28903", "content": "\u203c CVE-2020-19151 \u203c\n\nCommand Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:26.000000Z"}, {"uuid": "fc6784dc-2d53-4aaa-bc8d-b574ec3a663e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19157", "type": "seen", "source": "https://t.me/cibsecurity/28902", "content": "\u203c CVE-2020-19157 \u203c\n\nCross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-15T18:22:26.000000Z"}, {"uuid": "25560cdb-1cae-4a85-a035-30d2d2fdcbd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-1915", "type": "seen", "source": "https://t.me/cibsecurity/15592", "content": "\u203c CVE-2020-1915 \u203c\n\nAn out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-10-26T23:29:15.000000Z"}]}