{"uuid": "097e7c44-1b78-499c-b109-5eecaba7d5e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26352", "type": "seen", "source": "https://t.me/cybersecs/1169", "content": "Acunetix v14.9.220713150 - 14th July 2022 (Windows and Linux only)\n\n\nDownload:\nhttps://mega.nz/file/OgcBkS7b#Ln3MPnOevxSvfVthjUOeHAsYJHVg7yxeL8TQqEuCTy0\n\nPlease remember to credit us if you will share :)\nPay attention to leecher, scammers and skids.\n\nInstructions are inside the zip archive.\nFor any issues or questions ping us on our chat!\nEnjoy\n\nChangelog:\n\nNew features\nJAVA IAST AcuSensor can now be used on WebSphere\nHTTP requests can be copied as Curl command from the vulnerability data\nNew vulnerability checks\nNew check for DotCMS unrestricted file upload (CVE-2022-26352)\nNew check for .NET JSON.NET Deserialization RCE\nNew check for Unauthenticated RCE in Confluence Server and Data Center (CVE-2022-26134)\nNew check for Authentication bypass via MongoDB operator injection\nNew check for MongoDB $where operator JavaScript injection\n\nUpdates\nMultiple DeepScan updates improving crawling of Single Page Applications (SPAs)\nUpgraded Chromium to v103.0.5060.114\nImproved handling of installed.json by PHP IAST AcuSensor\nSCA, AcuMonitor (OOB vulnerability checks) and URL malware checks now require the \u201cAcunetix Online Services\u201d to be enabled in the user profile\nUpdated the MongoDB Injection checks\nVarious UI updates and fixes\n\nFixes\nMultiple fixes in the JAVA and .NET IAST AcuSensors\nFixed false negative in \u201cPossible virtual host found\u201d\nFixed bug causing CSRF tokens to be retrieved using HTTP\nFixed false positive in \u201cApache HTTP Server Source Code Disclosure\u201d", "creation_timestamp": "2022-07-28T20:19:26.000000Z"}