{"vulnerability": "CVE-2022-2423", "sightings": [{"uuid": "4da02302-db71-4677-bc47-82380a5e5002", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24235", "type": "seen", "source": "https://t.me/cibsecurity/39321", "content": "\u203c CVE-2022-24235 \u203c\n\nA Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T21:26:24.000000Z"}, {"uuid": "8498936b-e0c1-4b9a-8803-d3a37e410986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24236", "type": "seen", "source": "https://t.me/cibsecurity/39329", "content": "\u203c CVE-2022-24236 \u203c\n\nAn insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users' accounts.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T21:26:32.000000Z"}, {"uuid": "699f2d62-1cd4-43c7-98f0-744f394f97d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24237", "type": "seen", "source": "https://t.me/cibsecurity/39324", "content": "\u203c CVE-2022-24237 \u203c\n\nThe snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-21T21:26:27.000000Z"}, {"uuid": "769065d3-61d6-44e3-bd15-5f640f1e0855", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24232", "type": "seen", "source": "https://t.me/cibsecurity/38042", "content": "\u203c CVE-2022-24232 \u203c\n\nA local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T22:14:52.000000Z"}]}