{"vulnerability": "cve-2023-4995", "sightings": [{"uuid": "de7cc39a-6d36-4d72-97af-9c73cdc29a3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49952", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113505179980465800", "content": "", "creation_timestamp": "2024-11-18T17:39:59.792388Z"}, {"uuid": "ff501ef1-db29-4a24-85f4-1e88a1733e02", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:49.000000Z"}, {"uuid": "1ed3108d-bc43-468a-89ff-023ab665a3f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:10.000000Z"}, {"uuid": "5a76eea9-4b4a-49ba-8382-a1a90ddd3037", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49952", "type": "seen", "source": "MISP/1c5c38d6-3401-41ac-be0e-4cf361fa6f51", "content": "", "creation_timestamp": "2025-09-25T00:36:28.000000Z"}, {"uuid": "5385bb5a-5cde-4a76-947b-0ee155e180be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49952", "type": "seen", "source": "https://t.me/cvedetector/11373", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2023-49952 - Mastodon HTTP Request Header Rate Limiting Bypass\", \n  \"Content\": \"CVE ID : CVE-2023-49952 \nPublished : Nov. 18, 2024, 6:15 p.m. 
| 34\u00a0minutes ago \nDescription : Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Nov 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-11-18T19:54:00.000000Z"}, {"uuid": "859abbc3-5937-4fb0-a143-ea748b403a9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "Telegram/NqMiySbxmIrZSmnXeniM-UaOpCcYSdW_8PGgXD3X0qTw6g", "content": "", "creation_timestamp": "2023-12-16T19:49:11.000000Z"}, {"uuid": "0adc40c0-d7e8-4c65-93f1-a25aedb343df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "seen", "source": "https://t.me/arpsyndicate/2207", "content": "#ExploitObserverAlert\n\nCVE-2023-49954\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-49954. The CRM Integration in 3CX before 18.0.9.23 and 20 before 20.0.0.1494 allows SQL Injection via a first name, search string, or email address.", "creation_timestamp": "2023-12-28T07:42:05.000000Z"}, {"uuid": "79d80990-aab0-4333-a339-345bbef7ec85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-4995", "type": "seen", "source": "https://t.me/cibsecurity/72245", "content": "\u203c CVE-2023-4995 \u203c\n\nThe Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-13T16:29:12.000000Z"}, {"uuid": "72698c48-9015-480e-aaa7-544882e06372", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/WARLOCK_DARK_ARMY_OFFICIALS/3680", "content": "https://github.com/CVE-2023-49954/CVE-2023-49954.github.io\nSQL Injection in 3CX CRM Integration\n\n#github", "creation_timestamp": "2023-12-16T07:47:47.000000Z"}, {"uuid": "f454746b-ba0d-45f2-8634-1d3f0cd62c61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49950", "type": "seen", "source": "https://t.me/ctinow/192928", "content": "https://ift.tt/VoWLTix\nCVE-2023-49950 | Logpoint SIEM up to 7.2.x Jinja Template cross site scripting", "creation_timestamp": "2024-02-25T16:21:48.000000Z"}, {"uuid": "cc5ee36b-c321-48f9-980a-4343eb927b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49950", "type": "seen", "source": "https://t.me/ctinow/183580", "content": "https://ift.tt/PAgKoJI\nCVE-2023-49950 Exploit", "creation_timestamp": "2024-02-13T03:16:27.000000Z"}, {"uuid": "a9dcb697-efd6-4590-96b4-667572394b0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49950", "type": "seen", "source": "https://t.me/ctinow/178469", "content": "https://ift.tt/t3FbwUV\nCVE-2023-49950", "creation_timestamp": "2024-02-03T10:21:51.000000Z"}, {"uuid": 
"3f9b7052-f370-4baf-ab92-559bd833f455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49956", "type": "seen", "source": "https://t.me/ctinow/160913", "content": "https://ift.tt/LME8rpt\nCVE-2023-49956 | Dalmann OCPP.Core up to 1.2.x StopTransaction Message random values (Issue 34)", "creation_timestamp": "2023-12-30T16:37:08.000000Z"}, {"uuid": "bf5b21cf-540e-4004-9339-7a9042f75774", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49955", "type": "seen", "source": "https://t.me/ctinow/160929", "content": "https://ift.tt/o3JM9Ya\nCVE-2023-49955 | Dalmann OCPP.Core up to 1.1.x Open Charge Point Protocol chargePointVendor denial of service (Issue 32)", "creation_timestamp": "2023-12-30T17:36:58.000000Z"}, {"uuid": "3dd737bc-3b52-4fda-9c5b-895a81cdac9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49958", "type": "seen", "source": "https://t.me/ctinow/160933", "content": "https://ift.tt/5iITed7\nCVE-2023-49958 | Dalmann OCPP.Core up to 1.2.0 StartTransaction Message access control (Issue 36)", "creation_timestamp": "2023-12-30T18:06:57.000000Z"}, {"uuid": "36e741d2-50df-4b27-a124-32e60e7b6776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49957", "type": "seen", "source": "https://t.me/ctinow/160930", "content": "https://ift.tt/6TCIDcU\nCVE-2023-49957 | Dalmann OCPP.Core up to 1.2.x Transaction Management idTag access control (Issue 35)", "creation_timestamp": "2023-12-30T17:36:59.000000Z"}, {"uuid": "e97c2e15-e929-4cf0-b06a-057fc21194b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-49954", "type": "seen", "source": "https://t.me/ctinow/159177", "content": "https://ift.tt/VTpyiBS\nCVE-2023-49954", "creation_timestamp": "2023-12-25T09:31:26.000000Z"}, {"uuid": "56d62d2c-9b64-42c4-a096-2797edb39744", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1714", "content": "https://github.com/CVE-2023-49954/CVE-2023-49954.github.io\nSQL Injection in 3CX CRM Integration\n\n#github", "creation_timestamp": "2023-12-16T07:10:06.000000Z"}, {"uuid": "00096db4-6736-4783-94c4-6ce08bbbcd8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9594", "content": "#exploit\n1. CVE-2023-6295:\nso-widgets-bundle < 1.51.0 - Admin+ LFI\nhttps://0day.work/cve-2023-6295-so-widgets-bundle-1-51-0-admin-local-file-inclusion\n\n2. CVE-2023-49954:\nSQL Injection in 3CX CRM Integration\nhttps://github.com/CVE-2023-49954/CVE-2023-49954.github.io\n\n3. Whatsapp Exploit to spoofing impersonate of reply message\nhttps://github.com/lichti/whats-spoofing", "creation_timestamp": "2023-12-16T12:30:46.000000Z"}, {"uuid": "56b9f164-ce5b-47ad-a01d-e245a8f4572b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-49954", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2277", "content": "#exploit\n1. CVE-2023-6295:\nso-widgets-bundle < 1.51.0 - Admin+ LFI\nhttps://0day.work/cve-2023-6295-so-widgets-bundle-1-51-0-admin-local-file-inclusion\n\n2. CVE-2023-49954:\nSQL Injection in 3CX CRM Integration\nhttps://github.com/CVE-2023-49954/CVE-2023-49954.github.io\n\n3. 
Whatsapp Exploit to spoofing impersonate of reply message\nhttps://github.com/lichti/whats-spoofing", "creation_timestamp": "2024-08-16T08:57:33.000000Z"}]}