{"vulnerability": "CVE-2023-45826", "sightings": [{"uuid": "0e9d5b55-a875-4240-b138-eefe16bafec3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45826", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lj4blajd3j2w", "content": "", "creation_timestamp": "2025-02-26T21:02:01.448140Z"}, {"uuid": "69ab13d4-ab71-48ab-b6d0-1e93ec460999", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45826", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-45826.yaml", "content": "", "creation_timestamp": "2025-02-25T08:31:44.000000Z"}, {"uuid": "502225e2-74bf-412c-9a47-9365e40d775d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-45826", "type": "seen", "source": "https://t.me/cibsecurity/72608", "content": "\u203c CVE-2023-45826 \u203c\n\nLeantime is an open source project management system. A 'userId' variable in `app/domain/files/repositories/class.files.php` is not parameterized. An authenticated attacker can send a carefully crafted POST request to `/api/jsonrpc` to exploit an SQL injection vulnerability. Confidentiality is impacted as it allows for dumping information from the database. This issue has been addressed in version 2.4-beta-4. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-19T22:34:49.000000Z"}]}