{"vulnerability": "CVE-2022-2724", "sightings": [{"uuid": "8ba95560-bc08-4a4f-8813-c341a57b0301", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2724", "type": "seen", "source": "https://t.me/cibsecurity/47768", "content": "\u203c CVE-2022-2724 \u203c\n\nA vulnerability was found in SourceCodester Employee Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /process/aprocess.php. The manipulation of the argument mailuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205837 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-09T12:24:30.000000Z"}, {"uuid": "f049dc03-cb1b-4eeb-84c9-6bfefcdf39a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27249", "type": "seen", "source": "https://t.me/cibsecurity/40081", "content": "\u203c CVE-2022-27249 \u203c\n\nAn unrestricted file upload vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated users to execute arbitrary code by using UploadDwg to upload a crafted aspx file to the web root, and then visiting the URL for this aspx resource.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T02:27:10.000000Z"}, {"uuid": "cdab0aa2-a291-4b28-9f96-25e3277b9042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27248", "type": "seen", "source": "https://t.me/cibsecurity/40076", "content": "\u203c CVE-2022-27248 \u203c\n\nA directory traversal vulnerability in IdeaRE RefTree before 2021.09.17 allows remote authenticated 
users to download arbitrary .dwg files from a remote server by specifying an absolute or relative path when invoking the affected DownloadDwg endpoint. An attack uses the path field to CaddemServiceJS/CaddemService.svc/rest/DownloadDwg.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T02:27:04.000000Z"}, {"uuid": "e0abc696-ac4c-452e-8ceb-15874533af13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27243", "type": "seen", "source": "https://t.me/cibsecurity/39225", "content": "\u203c CVE-2022-27243 \u203c\n\nAn issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T21:22:55.000000Z"}, {"uuid": "f709df20-cacd-40db-bfeb-e8bfee1cc577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27246", "type": "seen", "source": "https://t.me/cibsecurity/39242", "content": "\u203c CVE-2022-27246 \u203c\n\nAn issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T21:28:51.000000Z"}, {"uuid": "941dd336-4e1e-4477-a824-c73d39384946", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27245", "type": "seen", "source": "https://t.me/cibsecurity/39241", "content": "\u203c CVE-2022-27245 \u203c\n\nAn issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. 
This could lead to SSRF.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T21:28:50.000000Z"}, {"uuid": "7b3109c6-8a75-43d9-ae25-2d8a7673d52e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27244", "type": "seen", "source": "https://t.me/cibsecurity/39245", "content": "\u203c CVE-2022-27244 \u203c\n\nAn issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T21:28:55.000000Z"}, {"uuid": "201e1308-abe6-4dbf-b2a4-8cf16c3608ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27241", "type": "seen", "source": "https://t.me/cibsecurity/40606", "content": "\u203c CVE-2022-27241 \u203c\n\nA vulnerability has been identified in Mendix Applications using Mendix 7 (All versions), Mendix Applications using Mendix 8 (All versions), Mendix Applications using Mendix 9 (All versions < V9.11). Applications built with an affected system publicly expose the internal project structure. 
This could allow an unauthenticated remote attacker to read confidential information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:30:31.000000Z"}, {"uuid": "7a2cc43c-a2fe-4f33-97e6-099e974fb3f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27240", "type": "seen", "source": "https://t.me/cibsecurity/39187", "content": "\u203c CVE-2022-27240 \u203c\n\nscheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T11:22:22.000000Z"}]}