{"vulnerability": "cve-2023-4635", "sightings": [{"uuid": "8f2799f1-c4d7-4216-b87a-b089c9cb6df2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46351", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19036", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46351\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The methods `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.\n\ud83d\udccf Published: 2024-01-19T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T18:19:05.628Z\n\ud83d\udd17 References:\n1. https://mypresta.eu/modules/front-office-features/manufacturers-brands-images-block.html\n2. https://security.friendsofpresta.org/modules/2024/01/18/mib.html", "creation_timestamp": "2025-06-20T18:42:32.000000Z"}, {"uuid": "de4e18ea-f814-4bf0-80d6-5262fbe1b03d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46350", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/19070", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-46350\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: SQL injection vulnerability in InnovaDeluxe \"Manufacturer or supplier alphabetical search\" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike.\n\ud83d\udccf Published: 2024-02-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-06-20T20:18:50.373Z\n\ud83d\udd17 References:\n1. https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html", "creation_timestamp": "2025-06-20T20:44:13.000000Z"}, {"uuid": "6f2c730e-6362-4d9b-b9c4-e3c74c9150d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46350", "type": "seen", "source": "https://t.me/ctinow/198457", "content": "https://ift.tt/HFNW8su\nCVE-2023-46350 | Innovadeluxe Manufacturer or Supplier Alphabetical Search Module getCornersLink sql injection", "creation_timestamp": "2024-03-02T19:46:43.000000Z"}, {"uuid": "e4044592-ff5a-4c83-ba3a-66261a0f3f07", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46355", "type": "seen", "source": "https://t.me/ctinow/155565", "content": "https://ift.tt/Wh5KYor\nCVE-2023-46355 | BI Modules CSV Feeds PRO Module up to 2.6.0 on PrestaShop information disclosure", "creation_timestamp": "2023-12-17T10:42:24.000000Z"}, {"uuid": "1fa38cb8-4c28-4767-a826-104b1d2e4927", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4635", "type": "seen", "source": "https://t.me/cibsecurity/72730", "content": "\u203c CVE-2023-4635 \u203c\n\nThe EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-21T12:35:52.000000Z"}, {"uuid": "0fa08c1e-24c9-451e-8c1a-4fd9f598280d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46359", "type": "published-proof-of-concept", "source": "Telegram/V4syNpMxkPFAc5EdMra5TkX2CqRWUdkYzeMg8pBgC5JiX7w", "content": "", "creation_timestamp": "2024-06-04T16:09:08.000000Z"}, {"uuid": "8eafd592-35b6-4479-99f6-1442075a6dde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46351", "type": "seen", "source": "https://t.me/ctinow/185386", "content": "https://ift.tt/zu9Becj\nCVE-2023-46351 | MyPresta.eu Module Mib up to 1.6.0 on PrestaShop getManufacturersByCategory sql injection", "creation_timestamp": "2024-02-15T10:21:00.000000Z"}, {"uuid": "b486f0b4-fb02-4185-9690-606aec092990", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46359", "type": "seen", "source": "https://t.me/ctinow/196689", "content": "https://ift.tt/trPzMQo\nCVE-2023-46359 | Hardy Barth cPH2 eCharge Ladestation up to 1.87.0 Connectivity Check os command injection", "creation_timestamp": "2024-02-29T14:52:00.000000Z"}, {"uuid": "955a3fdf-d1ea-42d0-bf73-2df6a9d6f1a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46359", "type": "seen", "source": "https://t.me/ctinow/179670", "content": "https://ift.tt/HYcqC0v\nCVE-2023-46359", "creation_timestamp": "2024-02-06T02:26:38.000000Z"}, {"uuid": "81c67f57-581f-4578-9460-9fef038409be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46359", "type": "seen", "source": "https://t.me/ctinow/184055", "content": "https://ift.tt/ebQ8VHh\nCVE-2023-46359 Exploit", "creation_timestamp": "2024-02-13T19:17:15.000000Z"}, {"uuid": "9aa02616-a477-436a-9356-5e4059de15b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46354", "type": "seen", "source": "https://t.me/ctinow/160844", "content": "https://ift.tt/370WgHB\nCVE-2023-46354 | MyPrestaModules Orders Export Pro Module up to 5.1.x on PrestaShop permission", "creation_timestamp": "2023-12-30T10:36:37.000000Z"}, {"uuid": "000a312e-b1e0-4f66-b16c-cd62ad31bd94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46350", "type": "seen", "source": "https://t.me/ctinow/181902", "content": "https://ift.tt/ayxbDGP\nCVE-2023-46350", "creation_timestamp": "2024-02-09T09:21:43.000000Z"}, {"uuid": "3001fe58-50ab-43aa-8130-6abcb1c97841", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46353", "type": "seen", "source": "https://t.me/ctinow/160843", "content": "https://ift.tt/7joVvA1\nCVE-2023-46353 | MyPresta.eu Product Tag Icons Pro Module up to 1.8.3 on PrestaShop getTiconByProductAndTicon sql injection", "creation_timestamp": "2023-12-30T10:36:36.000000Z"}, {"uuid": "d92b695b-4a30-40de-8340-ec0e86fac6cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46359", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9666", "content": "#exploit\n1. CVE-2023-46359/CVE-2023-46360:\nOS Command Injection in cPH2 Charging Station <2.0\nhttps://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360\n\n2. WebKit Exploit for PS4 6.x-9.6 / PS5 1.x-5.x\nhttps://github.com/kmeps4/PSFree\n\n3. CVE-2022-28117:\nSSRF in feed_parser class of Navigate CMS v2.9.4\nhttps://github.com/kimstars/POC-CVE-2022-28117", "creation_timestamp": "2024-01-03T20:41:00.000000Z"}, {"uuid": "0b61589c-2ecc-4a1f-b7ed-b4ca07314b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-46359", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2605", "content": "#exploit\n1. CVE-2023-46359/CVE-2023-46360:\nOS Command Injection in cPH2 Charging Station <2.0\nhttps://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360\n\n2. WebKit Exploit for PS4 6.x-9.6 / PS5 1.x-5.x\nhttps://github.com/kmeps4/PSFree\n\n3. CVE-2022-28117:\nSSRF in feed_parser class of Navigate CMS v2.9.4\nhttps://github.com/kimstars/POC-CVE-2022-28117", "creation_timestamp": "2024-08-16T09:08:42.000000Z"}]}