{"vulnerability": "CVE-2023-2764", "sightings": [{"uuid": "ec8a9e01-8cba-4aa9-a281-0a71089efb80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27645", "type": "seen", "source": "Telegram/N_SkSgVEwnMSF5jFGjNpW86GU7OPY28X_MmeX0wCEbvMm1XJ", "content": "", "creation_timestamp": "2025-02-14T10:00:36.000000Z"}, {"uuid": "a68a00eb-63ea-4b73-8ecd-12b39d2d3eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27640", "type": "exploited", "source": "https://t.me/DarkWebInformer_CVEAlerts/834", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-27640\n\ud83d\udd39 Description: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.\n\ud83d\udccf Published: 2023-06-01T00:00:00\n\ud83d\udccf Modified: 2025-01-08T20:58:57.837Z\n\ud83d\udd17 References:\n1. https://friends-of-presta.github.io/security-advisories/module/2023/03/30/tshirtecommerce_cwe-22.html", "creation_timestamp": "2025-01-08T21:13:28.000000Z"}, {"uuid": "1964ce30-a1ac-40a5-a24f-defbc85711b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27648", "type": "seen", "source": "https://t.me/cibsecurity/62134", "content": "\u203c CVE-2023-27648 \u203c\n\nDirectory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T16:26:02.000000Z"}, {"uuid": "94e7f8c4-61cb-450d-8988-fde7933f175c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27649", "type": "seen", "source": "https://t.me/cibsecurity/62126", "content": "\u203c CVE-2023-27649 \u203c\n\nSQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T16:25:49.000000Z"}, {"uuid": "026c4f63-4627-4208-8e15-6dfa8d66df01", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27643", "type": "seen", "source": "https://t.me/cibsecurity/62123", "content": "\u203c CVE-2023-27643 \u203c\n\nAn issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-14T16:25:47.000000Z"}, {"uuid": "74553d05-1866-4284-ab89-df70d550fed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27645", "type": "seen", "source": "https://t.me/cibsecurity/61862", "content": "\u203c CVE-2023-27645 \u203c\n\nAn issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T16:23:23.000000Z"}, {"uuid": "441dc4b3-b2a7-4106-936f-166c9e8000a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-27647", "type": "seen", "source": "https://t.me/cibsecurity/62193", "content": "\u203c CVE-2023-27647 \u203c\n\nAn issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-15T00:26:18.000000Z"}]}