{"vulnerability": "cve-2023-4600", "sightings": [{"uuid": "b11cac77-ca36-49ee-a30e-dc51cfa5abf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46004", "type": "seen", "source": "https://t.me/cibsecurity/72518", "content": "\u203c CVE-2023-46004 \u203c\n\nSourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T16:33:51.000000Z"}, {"uuid": "2bf73db3-66e9-432e-9ee1-baf482a54d0f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46006", "type": "seen", "source": "https://t.me/cibsecurity/72520", "content": "\u203c CVE-2023-46006 \u203c\n\nSourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T16:33:53.000000Z"}, {"uuid": "466f57f0-9cfb-4e43-abc9-70e7ada4d0a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46007", "type": "seen", "source": "https://t.me/cibsecurity/72509", "content": "\u203c CVE-2023-46007 \u203c\n\nSourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T16:33:41.000000Z"}, {"uuid": "9163d2a0-8eed-477e-a024-30a65e33227d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4600", "type": "seen", "source": "https://t.me/cibsecurity/69419", "content": "\u203c CVE-2023-4600 \u203c\n\nThe AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to activate arbitrary plugins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-30T16:12:14.000000Z"}, {"uuid": "3276db97-42a9-427c-9fff-48c96e1f4725", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46005", "type": "seen", "source": "https://t.me/cibsecurity/72512", "content": "\u203c CVE-2023-46005 \u203c\n\nSourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-18T16:33:44.000000Z"}]}