{"vulnerability": "CVE-2021-3317", "sightings": [{"uuid": "ccb2d9e8-977e-4c2c-a9bc-97db3c04123b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3317", "type": "seen", "source": "https://t.me/cibsecurity/22693", "content": "\u203c CVE-2021-3317 \u203c\n\nKLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-27T02:36:29.000000Z"}, {"uuid": "85d7a354-3509-4538-acc5-a13f46f18fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3317", "type": "published-proof-of-concept", "source": "https://t.me/pwnwiki_zhchannel/100", "content": "CVE-2021-3317 Klog Server 2.4.1 \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\nhttps://short.pwnwiki.org/?c=gHxXpZ", "creation_timestamp": "2021-09-21T06:42:51.000000Z"}, {"uuid": "16b0fb10-e48c-4eeb-ab02-6681f319aa75", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33177", "type": "seen", "source": "https://t.me/cibsecurity/30562", "content": "\u203c CVE-2021-33177 \u203c\n\nThe Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once authenticated they would be able to execute arbitrary sql queries.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:38.000000Z"}, {"uuid": "87cae50c-abac-417a-a4d7-947dd29d0529", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33179", "type": "seen", "source": "https://t.me/cibsecurity/30573", "content": "\u203c CVE-2021-33179 \u203c\n\nThe general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:54.000000Z"}, {"uuid": "192e54c9-09ff-4773-8431-7a048231ddfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-33178", "type": "seen", "source": "https://t.me/cibsecurity/30570", "content": "\u203c CVE-2021-33178 \u203c\n\nThe Manage Backgrounds functionality within Nagvis versions prior to 2.0.9 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to arbitrarily delete files on the local system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-10-14T18:27:48.000000Z"}]}