{"vulnerability": "CVE-2021-4066", "sightings": [{"uuid": "cca15f7b-268d-4d71-9edb-0234f9f379ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40662", "type": "published-proof-of-concept", "source": "https://t.me/cKure/10479", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: A good chained exploit using XSS, CSRF to achive command execution; CVE-2021-40662, Chamilo LMS 1.11.14 RCE.\n https://febin.hacklido.com/d/90-cve-2021-40662-chamilo-lms-11114-rce", "creation_timestamp": "2022-11-23T20:50:09.000000Z"}, {"uuid": "e950d2f1-212b-49d1-a87b-53e6a2d4b3e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40662", "type": "published-proof-of-concept", "source": "Telegram/YFXYCCVQZRGOcIyKtXLJhlRicEOjhhsvwkUuMglsfVEAzkc", "content": "", "creation_timestamp": "2022-11-23T18:58:28.000000Z"}, {"uuid": "b63290d1-d6b0-465f-9076-411182256071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40668", "type": "seen", "source": "https://t.me/cibsecurity/44087", "content": "\u203c CVE-2021-40668 \u203c\n\nThe Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-09T16:33:21.000000Z"}, {"uuid": "0eb217a2-b60e-43f7-a580-a3ca8a6b5d6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40660", "type": "seen", "source": "https://t.me/cibsecurity/44404", "content": "\u203c CVE-2021-40660 \u203c\n\nAn issue was discovered in Delight Nashorn Sandbox 0.2.0. There is an ReDoS vulnerability that can be exploited to launching a denial of service (DoS) attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-14T18:23:54.000000Z"}, {"uuid": "c86e7412-55cf-4e74-991a-e47ab055c380", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40663", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/45405", "content": "\u203c CVE-2021-40663 \u203c\n\ndeep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-30T16:38:35.000000Z"}, {"uuid": "ed0b2414-0916-4377-b838-50fdd37435d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40662", "type": "seen", "source": "https://t.me/cibsecurity/39350", "content": "\u203c CVE-2021-40662 \u203c\n\nA Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T23:26:40.000000Z"}, {"uuid": "fa794875-4471-4b06-b3c1-977e7498069f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-40669", "type": "seen", "source": "https://t.me/cibsecurity/29002", "content": "\u203c CVE-2021-40669 \u203c\n\nSQL Injection vulnerability exists in Wuzhi CMS 4.1.0 via the keywords parameter under the coreframe/app/promote/admin/index.php file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-09-16T22:23:25.000000Z"}]}