{"vulnerability": "CVE-2023-2723", "sightings": [{"uuid": "d9aa55f8-0d07-4a32-9be2-042873bcc849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27237", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3002", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27237\n\ud83d\udd39 Description: LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:52:03.533Z\n\ud83d\udd17 References:\n1. http://lavalite.com\n2. https://i.ibb.co/34DSW7B/1.png\n3. https://i.ibb.co/kSkqPhQ/3.png\n4. https://i.ibb.co/mJq9CH8/2.png\n5. https://github.com/M19O/Security-Advisories/tree/main/CVE-2023-27237", "creation_timestamp": "2025-01-24T20:04:43.000000Z"}, {"uuid": "36820863-30b2-45b9-9a7f-e2207b2d4e3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-2723", "type": "seen", "source": "https://t.me/cibsecurity/64248", "content": "\u203c CVE-2023-2723 \u203c\n\nUse after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-16T22:30:40.000000Z"}, {"uuid": "5d4d6226-7fa1-49fc-82ee-481f112e74c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27234", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5759", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27234\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.\n\ud83d\udccf Published: 2023-03-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-02-27T19:15:14.030Z\n\ud83d\udd17 References:\n1. https://github.com/Cherry-toto/jizhicms/issues/85", "creation_timestamp": "2025-02-27T19:25:57.000000Z"}, {"uuid": "0d2e6866-80ba-4077-b8aa-856de5ef7ed5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27232", "type": "seen", "source": "Telegram/rQywt5904GaKPhstuaPxmpgcQhp8F9TNO3HCYxaatOTPiPhk", "content": "", "creation_timestamp": "2025-02-18T23:42:23.000000Z"}, {"uuid": "84bfe305-7299-4441-be4c-0b90a286f8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27231", "type": "seen", "source": "Telegram/ipZ1y0k9K5jDnBcl88aT-TzBSGngPGEKBjsF9mlcbdWbdWSo", "content": "", "creation_timestamp": "2025-02-18T23:42:23.000000Z"}, {"uuid": "8dc5cd49-9d66-4c69-be1a-3efd9760b2a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27231", "type": "seen", "source": "https://t.me/cibsecurity/60990", "content": "\u203c CVE-2023-27231 \u203c\n\nTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T02:14:58.000000Z"}, {"uuid": "ef295063-b757-454d-864d-c23fdefb8a68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27238", "type": "seen", "source": "https://t.me/cibsecurity/64002", "content": "\u203c CVE-2023-27238 \u203c\n\nLavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-12T14:26:57.000000Z"}, {"uuid": "a88b223a-d070-4fa1-b706-f472385cb80c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27237", "type": "seen", "source": "https://t.me/cibsecurity/63999", "content": "\u203c CVE-2023-27237 \u203c\n\nLavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-12T14:26:55.000000Z"}, {"uuid": "bf5478db-6f71-42f9-a424-605687e0cc2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27233", "type": "seen", "source": "https://t.me/cibsecurity/64354", "content": "\u203c CVE-2023-27233 \u203c\n\nPiwigo v13.5.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-18T00:36:36.000000Z"}, {"uuid": "fbc6031f-21b9-437f-9ec3-32453fa7bf33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27232", "type": "seen", "source": "https://t.me/cibsecurity/60989", "content": "\u203c CVE-2023-27232 \u203c\n\nTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T02:14:54.000000Z"}, {"uuid": "79425bfb-7590-4f95-a8bd-eef69503e86e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27235", "type": "seen", "source": "https://t.me/cibsecurity/60040", "content": "\u203c CVE-2023-27235 \u203c\n\nAn arbitrary file upload vulnerability in the \\admin\\c\\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T11:24:39.000000Z"}, {"uuid": "bdf39106-83ab-47cf-b0fa-184ee5a1be9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27239", "type": "seen", "source": "https://t.me/cibsecurity/60042", "content": "\u203c CVE-2023-27239 \u203c\n\nTenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T11:24:40.000000Z"}, {"uuid": "4dc2ab89-97c5-4e02-86ab-f72fd12a9fa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27234", "type": "seen", "source": "https://t.me/cibsecurity/60044", "content": "\u203c CVE-2023-27234 \u203c\n\nA Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-15T11:24:42.000000Z"}]}