{"vulnerability": "CVE-2023-3033", "sightings": [{"uuid": "bda99994-d3ec-4825-92e6-31b0b3fd1878", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-3033", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/759", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-3033\n\ud83d\udd39 Description: Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.\n\n\n\ud83d\udccf Published: 2023-06-02T12:28:54.133Z\n\ud83d\udccf Modified: 2025-01-08T17:59:27.935Z\n\ud83d\udd17 References:\n1. https://borelenzo.github.io/stuff/2023/06/01/cve-2023-3033.html", "creation_timestamp": "2025-01-08T18:17:03.000000Z"}, {"uuid": "805e63dd-8ea4-4913-80f4-56c4b49ce6c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30333", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2811", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30333\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.\n\ud83d\udccf Published: 2023-05-18T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-23T19:44:52.808Z\n\ud83d\udd17 References:\n1. https://github.com/j0k1rr/some-automated-script/issues/3", "creation_timestamp": "2025-01-23T20:03:32.000000Z"}, {"uuid": "a61078c3-0e55-4821-8b71-ba4af15f53d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30334", "type": "seen", "source": "https://t.me/cibsecurity/63481", "content": "\u203c CVE-2023-30334 \u203c\n\nAsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-09T00:42:51.000000Z"}, {"uuid": "b7850f6c-a995-4028-8495-edab2c85aba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30333", "type": "seen", "source": "https://t.me/cibsecurity/64423", "content": "\u203c CVE-2023-30333 \u203c\n\nAn arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-18T22:32:34.000000Z"}, {"uuid": "18eeff83-ae01-40d8-916d-1af96f377efc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30338", "type": "seen", "source": "https://t.me/cibsecurity/62981", "content": "\u203c CVE-2023-30338 \u203c\n\nMultiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-27T18:49:42.000000Z"}, {"uuid": "7951e9fe-68c6-439f-89de-65915243ae05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30330", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3013", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-30330\n\ud83d\udd39 Description: SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php.\n\ud83d\udccf Published: 2023-05-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-01-24T19:29:18.699Z\n\ud83d\udd17 References:\n1. https://github.com/Filiplain/LFI-to-RCE-SE-Suite-2.0\n2. https://www.exploit-db.com/exploits/51404", "creation_timestamp": "2025-01-24T20:04:58.000000Z"}, {"uuid": "621b7e3b-02b5-428f-bf01-e40d22412da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-30331", "type": "seen", "source": "https://t.me/cibsecurity/63274", "content": "\u203c CVE-2023-30331 \u203c\n\nAn issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-04T07:44:58.000000Z"}]}