{"vulnerability": "CVE-2021-2028", "sightings": [{"uuid": "5b87562a-ddaa-4641-bc13-1bde2678967b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20288", "type": "seen", "source": "https://gist.github.com/sini/daf2ebc7f4ff5092da076dd4d696eee5", "content": "", "creation_timestamp": "2025-01-09T19:46:10.000000Z"}, {"uuid": "f49e3be6-223b-44df-beab-d0507159c91a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-2028", "type": "seen", "source": "https://t.me/cibsecurity/22344", "content": "\u203c CVE-2021-2028 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T18:27:23.000000Z"}, {"uuid": "fb9eae45-7ec0-43cb-ad7c-11bf7685941f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20283", "type": "seen", "source": "https://t.me/cibsecurity/24928", "content": "\u203c CVE-2021-20283 \u203c\n\nThe web service responsible for fetching other users' enrolled courses did not validate that the requesting user had permission to view that information in each course in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T01:29:20.000000Z"}, {"uuid": "54c725e1-e82b-4a06-8776-5d316caa1f03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20281", "type": "seen", "source": "https://t.me/cibsecurity/24937", "content": "\u203c CVE-2021-20281 \u203c\n\nIt was possible for some users without permission to view other users' full names to do so via the online users block in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T01:29:31.000000Z"}, {"uuid": "0b165b0e-ea5d-4421-bbd8-e39d10c10842", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20280", "type": "seen", "source": "https://t.me/cibsecurity/24935", "content": "\u203c CVE-2021-20280 \u203c\n\nText-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T01:29:29.000000Z"}, {"uuid": "be7a77bf-f001-4328-bfed-8795f2d7985b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20282", "type": "seen", "source": "https://t.me/cibsecurity/24930", "content": "\u203c CVE-2021-20282 \u203c\n\nWhen creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T01:29:22.000000Z"}, {"uuid": "789055c6-c7a3-4db0-afb3-e79e635b96bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-20282", "type": "seen", "source": "https://t.me/arpsyndicate/4808", "content": "#ExploitObserverAlert\n\nCVE-2021-20282\n\nDESCRIPTION: Exploit Observer has 16 entries in 3 file formats related to CVE-2021-20282. When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.\n\nFIRST-EPSS: 0.001570000\nNVD-IS: 1.4\nNVD-ES: 3.9\nARPS-PRIORITY: 0.7702185", "creation_timestamp": "2024-04-24T20:01:24.000000Z"}]}