{"vulnerability": "cve-2025-4928", "sightings": [{"uuid": "53268614-6df0-4e30-930b-19df79ea3b7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4928", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lpjnnk5clr2t", "content": "", "creation_timestamp": "2025-05-19T13:13:50.257128Z"}, {"uuid": "d1cc55f0-e9f3-40ab-800e-0050aa2e4dd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-4928", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16837", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-4928\n\ud83d\udd25 CVSS Score: 6.9 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.\n\ud83d\udccf Published: 2025-05-19T10:31:04.052Z\n\ud83d\udccf Modified: 2025-05-19T10:31:04.052Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.309490\n2. https://vuldb.com/?ctiid.309490\n3. https://vuldb.com/?submit.579313\n4. https://github.com/hhhanxx/attack/issues/8", "creation_timestamp": "2025-05-19T10:38:11.000000Z"}, {"uuid": "00e1b3e9-cd5f-42be-92b9-6d517cf22e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49281", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lr74ij6mwh2q", "content": "", "creation_timestamp": "2025-06-09T19:30:32.331161Z"}, {"uuid": "1f221f80-5b90-452e-8246-300e323d5a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49282", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/17776", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49282\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magze allows PHP Local File Inclusion. This issue affects Magze: from n/a through 1.0.9.\n\ud83d\udccf Published: 2025-06-09T15:53:47.134Z\n\ud83d\udccf Modified: 2025-06-09T19:47:28.272Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/magze/vulnerability/wordpress-magze-1-0-9-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T20:31:36.000000Z"}, {"uuid": "08abc3fa-d14e-4642-b88c-027cdd698bf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49281", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17777", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49281\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magways allows PHP Local File Inclusion. This issue affects Magways: from n/a through 1.2.1.\n\ud83d\udccf Published: 2025-06-09T15:53:47.818Z\n\ud83d\udccf Modified: 2025-06-09T19:47:22.319Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/magways/vulnerability/wordpress-magways-1-2-1-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T20:31:37.000000Z"}, {"uuid": "5090a264-812f-41c2-a7e3-1af68f5f2b03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-49280", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17778", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-49280\n\ud83d\udd25 CVSS Score: 8.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Unfoldwp Magty allows PHP Local File Inclusion. This issue affects Magty: from n/a through 1.0.6.\n\ud83d\udccf Published: 2025-06-09T15:53:48.534Z\n\ud83d\udccf Modified: 2025-06-09T19:47:12.485Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/wordpress/theme/magty/vulnerability/wordpress-magty-1-0-6-local-file-inclusion-vulnerability?_s_id=cve", "creation_timestamp": "2025-06-09T20:31:38.000000Z"}]}