{"vulnerability": "CVE-2024-1076", "sightings": [{"uuid": "1635504e-39fa-48bb-9bf9-ffdb9338ef87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3li22shsnhf2h", "content": "", "creation_timestamp": "2025-02-13T06:30:17.863604Z"}, {"uuid": "224426e6-f6af-43b7-9f49-9b1d2ef8c917", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113995241047524592", "content": "", "creation_timestamp": "2025-02-13T06:48:57.912217Z"}, {"uuid": "99e585d5-9be1-4462-996c-d3747d29f1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10761", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/2522", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-10761\n\ud83d\udd39 Description: A vulnerability was found in Umbraco CMS up to 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 10.8.8, 13.5.3, 14.3.2 and 15.1.2 is able to address this issue. It is recommended to upgrade the affected component.\n\ud83d\udccf Published: 2024-11-04T05:00:06.691Z\n\ud83d\udccf Modified: 2025-01-22T07:47:21.294Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.282930\n2. https://vuldb.com/?ctiid.282930\n3. https://vuldb.com/?submit.427091\n4. https://drive.google.com/file/d/1YoZgdlS3QT7Xu005j9RO-FFUT8RbB0Da/view?usp=sharing\n5. https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-69cg-w8vm-h229", "creation_timestamp": "2025-01-22T08:01:58.000000Z"}, {"uuid": "2de3667e-51ea-4399-aab9-c6a1266f5f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li2ypbvcz62r", "content": "", "creation_timestamp": "2025-02-13T15:25:28.021304Z"}, {"uuid": "8fded230-6869-4a54-b667-08637cf42db6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li37pufv7q24", "content": "", "creation_timestamp": "2025-02-13T17:30:58.165072Z"}, {"uuid": "318f0ad5-21a0-4667-846d-5bd2414cff5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://bsky.app/profile/vulnalerts.bsky.social/post/3li3vieoyq22n", "content": "", "creation_timestamp": "2025-02-14T00:00:29.435022Z"}, {"uuid": "32806d1d-d152-4042-8d1c-5f169592b233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "MISP/db121278-a8f5-4f36-a226-e45f3a86f55e", "content": "", "creation_timestamp": "2025-08-26T13:26:34.000000Z"}, {"uuid": "6a582970-49d1-407b-950d-416c300dc69d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113994705591476512", "content": "", "creation_timestamp": "2025-02-13T04:32:47.421330Z"}, {"uuid": "73835834-b6be-44ba-a289-d8b57251f460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113994723769435269", "content": "", "creation_timestamp": "2025-02-13T04:37:24.819174Z"}, {"uuid": "0cb82243-468c-4fc7-ab38-0d364b8df858", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhzwn4fuiy2a", "content": "", "creation_timestamp": "2025-02-13T05:15:40.869634Z"}, {"uuid": "e75c92dd-4e4b-4c68-965f-03dae1337eb0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10762", "type": "seen", "source": "MISP/3e4b778d-5810-4171-a915-f1d106684af4", "content": "", "creation_timestamp": "2025-08-11T18:27:49.000000Z"}, {"uuid": "22d011f3-339c-44b0-82ef-18e4ebd730d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1076", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/8736", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1076\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The SSL Zen  WordPress plugin before 4.6.0 does not properly prevent directory listing of the private keys folder, as it only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX.\n\ud83d\udccf Published: 2024-05-08T06:00:02.175Z\n\ud83d\udccf Modified: 2025-03-25T19:06:42.370Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/9c3e9c72-3d6c-4e2c-bb8a-f4efce1371d5/", "creation_timestamp": "2025-03-25T19:24:49.000000Z"}, {"uuid": "07a75cce-e11f-485a-b8f5-2f6430d442b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "https://t.me/cvedetector/17977", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10763 - Campress WordPress Local File Inclusion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10763 \nPublished : Feb. 13, 2025, 5:15 a.m. | 2\u00a0hours, 13\u00a0minutes ago \nDescription : The Campress theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.35 via the 'campress_woocommerce_get_ajax_products' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-13T08:48:04.000000Z"}, {"uuid": "73b31df9-fede-4fbd-8ef2-c19742694548", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10760", "type": "seen", "source": "https://t.me/cvedetector/9697", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10760 - University Event Management System SQL Injection Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10760 \nPublished : Nov. 4, 2024, 5:15 a.m. | 37\u00a0minutes ago \nDescription : A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T06:54:12.000000Z"}, {"uuid": "ffa242ed-4dd6-4591-a7dd-cb001e69e36f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10764", "type": "seen", "source": "https://t.me/cvedetector/9767", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10764 - Codezips Online Institute Management System File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10764 \nPublished : Nov. 4, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T17:47:32.000000Z"}, {"uuid": "613dad7d-43e9-414e-b5c1-f8ccc3c6b050", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10765", "type": "seen", "source": "https://t.me/cvedetector/9766", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10765 - Codezips Online Institute Management System Remote Unrestricted File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10765 \nPublished : Nov. 4, 2024, 4:15 p.m. | 26\u00a0minutes ago \nDescription : A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T17:47:31.000000Z"}, {"uuid": "7a1c81c0-5546-47c1-b227-9556778c3a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10761", "type": "seen", "source": "https://t.me/cvedetector/9696", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10761 - Umbraco CMS Cross-Site Scripting in Dashboard Component\", \n  \"Content\": \"CVE ID : CVE-2024-10761 \nPublished : Nov. 4, 2024, 5:15 a.m. | 37\u00a0minutes ago \nDescription : A vulnerability was found in Umbraco CMS 12.3.6. It has been classified as problematic. Affected is an unknown function of the file /Umbraco/preview/frame?id{} of the component Dashboard. The manipulation of the argument culture leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T06:54:12.000000Z"}, {"uuid": "98a6a922-96fa-4c49-ae67-c3c27344cf8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "published-proof-of-concept", "source": "https://t.me/codeb0ss/1688", "content": "", "creation_timestamp": "2025-02-13T22:38:32.000000Z"}, {"uuid": "6176a1e0-cd47-444b-9b06-bd649ed846e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10766", "type": "seen", "source": "https://t.me/cvedetector/9776", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10766 - Codezips Free Exam Hall Seating Management System File Upload Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10766 \nPublished : Nov. 4, 2024, 6:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names. \nSeverity: 6.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T20:18:01.000000Z"}, {"uuid": "9f4c117d-0d06-446f-82e7-3436b1c0f121", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10768", "type": "seen", "source": "https://t.me/cvedetector/9786", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-10768 - PHPGurukul Online Shopping Portal Cross Site Scripting Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-10768 \nPublished : Nov. 4, 2024, 7:15 p.m. | 38\u00a0minutes ago \nDescription : A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. \nSeverity: 3.5 | LOW \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-04T21:08:17.000000Z"}, {"uuid": "d7b7a837-037a-4cf3-a819-bd5e0161e655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-10763", "type": "seen", "source": "Telegram/XKdO0LfJOE5oIeHZELNythNOTNZq3sEYd74ZDWAQj7R4BthD", "content": "", "creation_timestamp": "2025-02-14T10:06:08.000000Z"}]}