{"vulnerability": "CVE-2023-4345", "sightings": [{"uuid": "41abc932-71b9-4bc2-be32-a04a767ea1d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43454", "type": "seen", "source": "https://t.me/ctinow/157701", "content": "https://ift.tt/chzqQsr\nCVE-2023-43454 | Totolink X6000R 9.4.0cu.652_B20230116/9.4.0cu.852_B20230719 switchOpMode hostName command injection", "creation_timestamp": "2023-12-21T14:11:49.000000Z"}, {"uuid": "435f6acc-2dcd-47f2-a60c-0d817aafc813", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43453", "type": "seen", "source": "https://t.me/ctinow/157736", "content": "https://ift.tt/9GIK5zi\nCVE-2023-43453 | Totolink X6000R 9.4.0cu.652_B20230116/9.4.0cu.852_B20230719 DiagnosisCfg IP command injection", "creation_timestamp": "2023-12-21T15:11:36.000000Z"}, {"uuid": "824235d8-7bd3-4e79-9a3a-2b62798f2f5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43458", "type": "seen", "source": "https://t.me/cibsecurity/71024", "content": "\u203c CVE-2023-43458 \u203c\n\nCross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-26T00:34:40.000000Z"}, {"uuid": "33cd1853-7b8e-4a36-8908-3c61d4ddc33a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43455", "type": "seen", "source": "https://t.me/ctinow/157699", "content": "https://ift.tt/LARF0QP\nCVE-2023-43455 | TOTOLINK X6000R 9.4.0cu.652_B20230116/9.4.0cu.852_B20230719 TracerouteCfg command command injection", "creation_timestamp": "2023-12-21T14:11:47.000000Z"}, {"uuid": "4cd70e2c-2d42-447e-92be-061e34b38a03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43457", "type": "seen", "source": "https://t.me/cibsecurity/71021", "content": "\u203c CVE-2023-43457 \u203c\n\nAn issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-26T00:34:34.000000Z"}, {"uuid": "de82d6bb-2c19-4ee1-94b9-da0a4d48d1c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-43456", "type": "seen", "source": "https://t.me/cibsecurity/70998", "content": "\u203c CVE-2023-43456 \u203c\n\nCross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-25T18:39:18.000000Z"}]}