{"vulnerability": "CVE-2023-2093", "sightings": [{"uuid": "e35040e4-a1fb-40b8-be2b-5bf043dbe442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20936", "type": "seen", "source": "https://bsky.app/profile/thewhynet.bsky.social/post/3lmch3fi2hh2c", "content": "", "creation_timestamp": "2025-04-08T12:12:04.423658Z"}, {"uuid": "36ce7049-b0f5-4e1e-9a4a-51cb116845c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20938", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwcpwyzjr42s", "content": "", "creation_timestamp": "2025-08-13T21:02:38.619866Z"}, {"uuid": "76b028fa-d814-419b-92dc-c4a52a65e825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20938", "type": "published-proof-of-concept", "source": "https://t.me/cKure/13349", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938.\n\nhttps://coastlinecyber.com/hunting-for-aws-cognito-security-misconfigurations-a-guide-to-uncovering-hidden-dangers/", "creation_timestamp": "2024-07-28T20:20:04.000000Z"}, {"uuid": "2c166299-1c99-4e8a-95b6-10adb8a9bd5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20937", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8406", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20937\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel\n\ud83d\udccf Published: 2023-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T17:54:01.670Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-02-01\n2. http://packetstormsecurity.com/files/171239/Android-GKI-Kernels-Contain-Broken-Non-Upstream-Speculative-Page-Faults-MM-Code.html", "creation_timestamp": "2025-03-21T18:20:10.000000Z"}, {"uuid": "018c11c0-3cd0-4eef-ba42-4996e2c64bc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20932", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8362", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20932\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018\n\ud83d\udccf Published: 2023-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T16:08:22.211Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-02-01", "creation_timestamp": "2025-03-21T16:19:21.000000Z"}, {"uuid": "83c7c78d-83a9-4c10-9bb6-2fbf8f2e0205", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20939", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8403", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-20939\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981\n\ud83d\udccf Published: 2023-02-28T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-21T17:58:24.037Z\n\ud83d\udd17 References:\n1. https://source.android.com/security/bulletin/2023-02-01", "creation_timestamp": "2025-03-21T18:20:04.000000Z"}, {"uuid": "781077a2-813d-46d0-acfc-4d6fdc8bef25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20938", "type": "published-proof-of-concept", "source": "https://t.me/linkersec/254", "content": "Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938\n\nAn article by Zi Fan Tan, Gulshan Singh, and Eugene Rodionov about exploiting a vulnerability in the Android Binder device driver that leads to a slab use-after-free.\n\nZi and Eugene also gave a talk (slides) about this work at OffensiveCon last month. There, they also shared the details about finding this vulnerability with a custom Linux Kernel Library\u2013based fuzzer.", "creation_timestamp": "2024-06-13T23:24:17.000000Z"}, {"uuid": "2a65324b-57b2-40a1-a00d-191fd8898e19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20937", "type": "published-proof-of-concept", "source": "Telegram/lcHBbc9djOcQxQTmmp71-eSQ4ti3SLrjevUGqO-YOEL5HdE", "content": "", "creation_timestamp": "2023-03-13T13:17:14.000000Z"}, {"uuid": "2cd1970a-002b-4f05-8b87-3c69097d1cbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20937", "type": "seen", "source": "Telegram/ARyj6dNcKudsXfUyvR4Zyk-jKo4mI2Fa06CTmTh2FjP0T7o", "content": "", "creation_timestamp": "2023-03-04T09:24:24.000000Z"}, {"uuid": "4bc4ede9-331f-4cd6-9cec-7d8e0e3d3dbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2093", "type": "seen", "source": "https://t.me/arpsyndicate/530", "content": "#ExploitObserverAlert\n\nCVE-2023-2093\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2023-2093. A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-11-24T14:27:28.000000Z"}, {"uuid": "1d5ca986-455b-48c1-b7e3-1391977d68a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2093", "type": "seen", "source": "https://t.me/arpsyndicate/1645", "content": "#ExploitObserverAlert\n\nCVE-2023-2093\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-2093. A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.\n\nFIRST-EPSS: 0.000630000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2023-12-10T15:28:53.000000Z"}, {"uuid": "04248f0e-fc22-4dd3-8e9d-d7bc8a2c544c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20938", "type": "published-proof-of-concept", "source": "Telegram/91xq2yljWL5RObjqxZC8vMfawdPdbgsAg0W8g4_pLrCnJck", "content": "", "creation_timestamp": "2024-08-22T10:54:43.000000Z"}, {"uuid": "e146c19a-814f-44db-a583-f526171af22e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2093", "type": "seen", "source": "https://t.me/cibsecurity/62222", "content": "\u203c CVE-2023-2093 \u203c\n\nA vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T14:42:53.000000Z"}, {"uuid": "29481515-da14-42d6-b590-1845031cbdf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20939", "type": "seen", "source": "https://t.me/cibsecurity/59127", "content": "\u203c CVE-2023-20939 \u203c\n\nIn multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:53.000000Z"}, {"uuid": "f27e30d8-ada6-4f33-b584-f58e1be46d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20937", "type": "seen", "source": "https://t.me/cibsecurity/59121", "content": "\u203c CVE-2023-20937 \u203c\n\nIn several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257443051References: Upstream kernel\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:47.000000Z"}, {"uuid": "cf2d98d8-9701-4fbc-97f5-dbf4fa995234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20932", "type": "seen", "source": "https://t.me/cibsecurity/59116", "content": "\u203c CVE-2023-20932 \u203c\n\nIn onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T20:27:41.000000Z"}, {"uuid": "75408c20-2bcf-455a-a30b-378a8a9caf8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-20938", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10625", "content": "#exploit\n1. Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF\nhttps://patchstack.com/articles/exploring-the-unpatched-wordpress-ssrf\n\n2. CVE-2024-4358/CVE-2024-1800:\nTelerik Report Server deserialization/authentication bypass exploit chain\nhttps://github.com/sinsinology/CVE-2024-4358\n\n3. CVE-2023-20938:\nAttacking Android Binder\nhttps://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938", "creation_timestamp": "2024-06-04T18:48:59.000000Z"}]}