{"vulnerability": "CVE-2023-23948", "sightings": [{"uuid": "4671c34f-4249-4e3d-bb64-51dfabf50313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23948", "type": "seen", "source": "https://t.me/cibsecurity/58013", "content": "\u203c CVE-2023-23948 \u203c\n\nThe ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-13T20:30:00.000000Z"}, {"uuid": "1041c5db-3ea6-4f77-93ba-94d50889eeec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23948", "type": "published-proof-of-concept", "source": "Telegram/uv1uFiDWKsOxGZBkwk8tIqSTL_hUcb07tN8YiiPHubAxEuU", "content": "", "creation_timestamp": "2023-02-27T18:37:22.000000Z"}, {"uuid": "6c863463-26e4-40e1-8604-53b4920c592a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23948", "type": "seen", "source": "Telegram/yNx8xcOMzym-uwmk69v7zW6sw7sXyn5gg1t71GI9dnHTf28", "content": "", "creation_timestamp": "2023-02-14T09:13:20.000000Z"}, {"uuid": "5b0cd0d1-5d66-4282-b68f-0e42d833dbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23948", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7828", "content": "#exploit\n1. Tips on how to write exploit scripts\nhttps://github.com/rizemon/exploit-writing-for-oswe\n\n2. Exploiting a SUID logic bug in readline\nhttps://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline\n\n3. CVE-2023-24804, CVE-2023-23948:\nSQL injection vulnerabilities in Owncloud Android app\nhttps://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app", "creation_timestamp": "2023-02-26T15:28:42.000000Z"}, {"uuid": "7d41830e-4b4c-42b1-8f10-aed2a3e0e2b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23948", "type": "seen", "source": "https://t.me/androidMalware/1781", "content": "SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948\nThe Owncloud Android app uses content providers to manage its data. The provider FileContentProvider has SQL injection vulnerabilities that allow malicious applications or users in the same device to obtain internal information of the app\nhttps://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/", "creation_timestamp": "2023-02-17T00:09:16.000000Z"}, {"uuid": "9ed80aea-629c-45dc-a6b5-3593cf229bd8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-23948", "type": "seen", "source": "https://t.me/thebugbountyhunter/7056", "content": "SQL injection vulnerabilities in Owncloud Android app - CVE-2023-24804, CVE-2023-23948\nThe Owncloud Android app uses content providers to manage its data. The provider FileContentProvider has SQL injection vulnerabilities that allow malicious applications or users in the same device to obtain internal information of the app\nhttps://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/", "creation_timestamp": "2023-02-17T03:23:35.000000Z"}]}