{"vulnerability": "CVE-2022-2462", "sightings": [{"uuid": "4613a756-e0a9-43a0-b8bc-81328539f92e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24627", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1560", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24627\n\ud83d\udd39 Description: An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.\n\ud83d\udccf Published: 2023-05-29T00:00:00\n\ud83d\udccf Modified: 2025-01-14T17:23:20.222Z\n\ud83d\udd17 References:\n1. http://seclists.org/fulldisclosure/2023/Feb/12", "creation_timestamp": "2025-01-14T18:10:20.000000Z"}, {"uuid": "d112650a-ce49-430a-89c8-82d8760b5c6a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2462", "type": "seen", "source": "https://t.me/cibsecurity/49361", "content": "\u203c CVE-2022-2462 \u203c\n\nThe Transposh WordPress Translation plugin for WordPress is vulnerable to sensitive information disclosure to unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_history' AJAX action and insufficient restriction on the data returned in the response. This makes it possible for unauthenticated users to exfiltrate usernames of individuals who have translated text.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T22:19:36.000000Z"}, {"uuid": "bb498418-8819-4ab6-b1d6-3385a18d6916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24627", "type": "seen", "source": "https://t.me/cibsecurity/64771", "content": "\u203c CVE-2022-24627 \u203c\n\nAn issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-30T00:36:23.000000Z"}, {"uuid": "911bd873-e3a8-4e84-9dee-d47f25e01da3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24620", "type": "seen", "source": "https://t.me/cibsecurity/37992", "content": "\u203c CVE-2022-24620 \u203c\n\nPiwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T18:14:42.000000Z"}]}