{"vulnerability": "CVE-2021-3778", "sightings": [{"uuid": "16864dd5-82b7-4cca-b8c6-fff3bc64bd39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37782", "type": "seen", "source": "https://t.me/cibsecurity/52214", "content": "\u203c CVE-2021-37782 \u203c\n\nEmployee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T18:34:34.000000Z"}, {"uuid": "98ff8758-1177-448d-91e1-ac9425356319", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37787", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lktltkh4cb2u", "content": "", "creation_timestamp": "2025-03-20T21:02:03.896386Z"}, {"uuid": "118bdbb0-6049-4144-a525-f6087fea8fce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37789", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14608", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-37789\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.\n\ud83d\udccf Published: 2022-11-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-02T20:58:29.474Z\n\ud83d\udd17 References:\n1. https://github.com/nothings/stb/issues/1178\n2. https://lists.debian.org/debian-lts-announce/2023/01/msg00045.html", "creation_timestamp": "2025-05-02T21:16:30.000000Z"}, {"uuid": "cd65efbc-0994-435f-bcb2-19ef09f7db98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37787", "type": "published-proof-of-concept", "source": "Telegram/WK-d7rHew0RoUjunO6vRsF762k6XwiwPjLRMSoANXZ7zahs", "content": "", "creation_timestamp": "2025-03-08T04:00:07.000000Z"}, {"uuid": "623f4262-436b-453d-bd4a-2ac13d4ca330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37787", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/7183", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-37787\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The unprivileged administrative interface in ABO.CMS version 5.8 through v.5.9.3 is affected by a SQL Injection vulnerability via a HTTP POST request to the TinyMCE module\n\ud83d\udccf Published: 2025-03-11T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-11T17:30:12.473Z\n\ud83d\udd17 References:\n1. https://www.abocms.ru/", "creation_timestamp": "2025-03-11T17:39:43.000000Z"}, {"uuid": "49b324d8-06bc-4755-ba9f-b5d0bc65bf23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37782", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16046", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-37782\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php.\n\ud83d\udccf Published: 2022-10-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-12T19:42:14.740Z\n\ud83d\udd17 References:\n1. https://phpgurukul.com/employee-record-management-system-in-php-and-mysql/\n2. https://github.com/BigTiger2020/Employee-Record-Management-System/blob/main/Employee%20Record%20Management%20System.md", "creation_timestamp": "2025-05-12T20:29:47.000000Z"}, {"uuid": "fc1012d9-ed36-448d-8183-e4164a6e33fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37788", "type": "seen", "source": "https://t.me/cibsecurity/27010", "content": "\u203c CVE-2021-37788 \u203c\n\nA vulnerability in the web UI of Gurock TestRail v5.3.0.3603 could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-09T16:36:55.000000Z"}, {"uuid": "0c69fb07-495f-43e8-95f3-2c16738aa076", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37781", "type": "seen", "source": "https://t.me/cibsecurity/52212", "content": "\u203c CVE-2021-37781 \u203c\n\nEmployee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T18:34:29.000000Z"}, {"uuid": "79e8d7a0-3a46-4a4f-9613-48bd56d889a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-37786", "type": "seen", "source": "https://t.me/cibsecurity/29483", "content": "\u203c CVE-2021-37786 \u203c\n\nCertain Federal Office of Information Technology Systems and Telecommunication FOITT products are affected by improper handling of exceptional conditions. This affects COVID Certificate App IOS 2.2.0 and below affected, patch in progress and COVID Certificate Check App IOS 2.2.0 and below affected, patch in progress. A denial of service (physically proximate) could be caused by scanning a crafted QR code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-27T18:35:03.000000Z"}]}