{"vulnerability": "CVE-2023-7191", "sightings": [{"uuid": "7a72c6d9-bc5b-4e0f-8a36-427a16989b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7191", "type": "seen", "source": "https://t.me/ctinow/161144", "content": "https://ift.tt/qzXKtJ3\nCVE-2023-7191", "creation_timestamp": "2023-12-31T17:26:54.000000Z"}, {"uuid": "5d24ebcd-f739-4ecf-a1e4-672ebd58ee68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7191", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12330", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-7191\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n\ud83d\udccf Published: 2023-12-31T16:00:05.206Z\n\ud83d\udccf Modified: 2025-04-17T19:48:09.151Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.249393\n2. https://vuldb.com/?ctiid.249393\n3. https://note.zhaoj.in/share/Fmytf7wBINbP", "creation_timestamp": "2025-04-17T19:58:02.000000Z"}, {"uuid": "a8386d7e-0a9e-4f1b-ad93-7f6a3a64c1c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7191", "type": "seen", "source": "https://t.me/cibsecurity/74073", "content": "\u203c\ufe0fCVE-2023-7191\u203c\ufe0f\n\nA vulnerability, which was classified as critical, was found in SCMS up to 2.0build2022052920231006. This affects an unknown part of the file memberreg.php. The manipulation of the argument MloginMemail leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB249393 was assigned to this vulnerability. NOTE The vendor was contacted early about this disclosure but did not respond in any way.\n\n\ud83d\udcd6 Read more\n\nVia \"National Vulnerability Database\"", "creation_timestamp": "2024-01-01T01:32:28.000000Z"}, {"uuid": "e543dccb-536d-4ffc-ac08-0dca24aaf63d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-7191", "type": "seen", "source": "https://t.me/ctinow/171038", "content": "https://ift.tt/aicklFL\nCVE-2023-7191 | S-CMS up to 2.0_build20220529-20231006 member/reg.php M_login/M_email sql injection", "creation_timestamp": "2024-01-22T09:11:14.000000Z"}]}