{"vulnerability": "CVE-2020-1996", "sightings": [{"uuid": "e85076f1-f962-433b-b203-ecc6784d07c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19961", "type": "seen", "source": "https://t.me/cibsecurity/30561", "content": "\u203c CVE-2020-19961 \u203c\n\nA SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:36.000000Z"}, {"uuid": "1e788227-733f-4e2e-b44f-21e0373fd4ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19962", "type": "seen", "source": "https://t.me/cibsecurity/30566", "content": "\u203c CVE-2020-19962 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:45.000000Z"}, {"uuid": "5ed8157a-5bd9-45b8-ada5-ae1fb7f55351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19960", "type": "seen", "source": "https://t.me/cibsecurity/30565", "content": "\u203c CVE-2020-19960 \u203c\n\nA SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:40.000000Z"}, {"uuid": "4be45970-3017-4eae-80ae-15d6bafe1242", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-19964", "type": "seen", "source": "https://t.me/cibsecurity/30563", "content": "\u203c CVE-2020-19964 \u203c\n\nA Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:39.000000Z"}]}