{"vulnerability": "CVE-2023-3727", "sightings": [{"uuid": "22ae15c2-efd1-4605-852f-1d6c6fa60017", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37273", "type": "published-proof-of-concept", "source": "Telegram/rLwJW8Sxt7uWsdYlvaJmmjpBkh3NAlLwTD4aRP5kjpBY5_E", "content": "", "creation_timestamp": "2025-06-23T21:00:07.000000Z"}, {"uuid": "b04173c6-e443-4ba6-873b-56703f53d4b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37273", "type": "published-proof-of-concept", "source": "Telegram/Od3SFIwTXU85oXzkcR6Q-PR-rjVZLt3U6sXYvEmQ4ovgOa8", "content": "", "creation_timestamp": "2025-06-24T21:00:04.000000Z"}, {"uuid": "05fd2f1c-b1de-4bdb-a470-50128e479f04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37279", "type": "seen", "source": "https://t.me/cibsecurity/70863", "content": "\u203c CVE-2023-37279 \u203c\n\nFaktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-21T02:30:27.000000Z"}, {"uuid": "6ce4e3a9-4732-42e0-95ca-c1f4e2d8d47c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-37270", "type": "seen", "source": "https://t.me/cibsecurity/66235", "content": "\u203c CVE-2023-37270 \u203c\n\nPiwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-07-08T11:39:02.000000Z"}]}