{"vulnerability": "CVE-2024-1198", "sightings": [{"uuid": "c29f88ef-ae25-4b41-a3d1-0e0548fe03e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11983", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113565104565109777", "content": "", "creation_timestamp": "2024-11-29T07:39:36.215353Z"}, {"uuid": "127a646b-a39b-4d08-a442-165ccd022f2d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11983", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113565117559217540", "content": "", "creation_timestamp": "2024-11-29T07:42:54.414934Z"}, {"uuid": "5a1ba647-372c-430b-acf7-7ea58834cb60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11985", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113592013339623579", "content": "", "creation_timestamp": "2024-12-04T01:42:51.278215Z"}, {"uuid": "02e67047-dde8-4fe6-add7-903d47fadcc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11982", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113565104550583628", "content": "", "creation_timestamp": "2024-11-29T07:39:35.932400Z"}, {"uuid": "14ab7800-5902-4701-951a-1893b7791f13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11980", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113564774111059103", "content": "", "creation_timestamp": "2024-11-29T06:15:33.564024Z"}, {"uuid": "b27179e3-1a5a-46d0-a1e4-3c45a3df09d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11981", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113564829002428472", "content": "", "creation_timestamp": "2024-11-29T06:29:31.138489Z"}, {"uuid": "b7fbb632-2ff8-49c2-a91b-5183c7c8a2d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11982", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113565117545488929", "content": "", "creation_timestamp": "2024-11-29T07:42:54.302240Z"}, {"uuid": "55bd04a9-2ccc-4dc8-8616-3a610cf19c60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11986", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113645827418539907", "content": "", "creation_timestamp": "2024-12-13T13:48:28.902943Z"}, {"uuid": "2a6f9757-acd0-4c2c-88c5-7866de370d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11984", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113677526298188695", "content": "", "creation_timestamp": "2024-12-19T04:09:55.499955Z"}, {"uuid": "a55f74e6-7a7f-421a-88b4-7dfe8f4e4dcf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1198", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/15418", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-1198\n\ud83d\udd25 CVSS Score: 6.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)\n\ud83d\udd39 Description: A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.\n\ud83d\udccf Published: 2024-02-02T23:31:04.113Z\n\ud83d\udccf Modified: 2025-05-07T20:07:25.662Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.252696\n2. https://vuldb.com/?ctiid.252696\n3. https://note.zhaoj.in/share/qFXZZfp1NLa3", "creation_timestamp": "2025-05-07T20:23:00.000000Z"}, {"uuid": "55448329-a50d-4b9c-a016-6c13fa408bac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11984", "type": "seen", "source": "https://t.me/cvedetector/13307", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11984 - Corporate Training Management System Unrestricted File Upload Remote Code Execution Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11984 \nPublished : Dec. 19, 2024, 4:15 a.m. | 44\u00a0minutes ago \nDescription : A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-19T06:27:26.000000Z"}, {"uuid": "999bac70-d1fb-4629-834e-200b203f0125", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1198", "type": "seen", "source": "https://t.me/ctinow/192776", "content": "https://ift.tt/BDUCYHl\nCVE-2024-1198 | openBI up to 6.0.3 Phar User.php addxinzhi outimgurl deserialization", "creation_timestamp": "2024-02-25T08:46:43.000000Z"}, {"uuid": "0e8870a6-f2e7-4477-b1dd-800f2e03f228", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11986", "type": "seen", "source": "https://t.me/cvedetector/12872", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11986 - Apache Host Header Stored XSS Vuln\", \n  \"Content\": \"CVE ID : CVE-2024-11986 \nPublished : Dec. 13, 2024, 2:15 p.m. | 24\u00a0minutes ago \nDescription : Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'. \nSeverity: 9.6 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-13T15:46:22.000000Z"}, {"uuid": "c363f80a-e8a1-4930-aaa8-fa9755dda4c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-11985", "type": "seen", "source": "https://t.me/cvedetector/11936", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-11985 - ASUS Router Improper Input Validation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-11985 \nPublished : Dec. 4, 2024, 2:15 a.m. | 48\u00a0minutes ago \nDescription : An improper input validation vulnerability leads to device crashes in certain ASUS router models.   \nRefer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information. \nSeverity: 4.4 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"04 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-04T04:12:30.000000Z"}, {"uuid": "16da55c5-b0de-4da3-b4a2-b4e7c0fd1814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-1198", "type": "seen", "source": "https://t.me/ctinow/178346", "content": "https://ift.tt/hmH3L4j\nCVE-2024-1198", "creation_timestamp": "2024-02-03T01:21:42.000000Z"}]}