{"vulnerability": "CVE-2022-2748", "sightings": [{"uuid": "cb205225-4073-49e6-a92e-0113d4cabb86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27486", "type": "seen", "source": "https://t.me/cvedetector/3032", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-27486 - Fortinet FortiDDoS OS Command Injection\", \n  \"Content\": \"CVE ID : CVE-2022-27486 \nPublished : Aug. 13, 2024, 4:15 p.m. | 23\u00a0minutes ago \nDescription : A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0, 5.0.0, 4.7.0, 4.6.0 and 4.5.0 and FortiDDoS-F version 6.3.0 through 6.3.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 allows an authenticated attacker to execute shell code as `root`\u00a0via `execute` CLI commands. \nSeverity: 6.6 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"13 Aug 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-08-13T18:47:39.000000Z"}, {"uuid": "8d01d995-b38f-4bf8-b9fd-45930735646b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27489", "type": "seen", "source": "https://t.me/cibsecurity/58370", "content": "\u203c CVE-2022-27489 \u203c\n\nA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:26:41.000000Z"}, {"uuid": "0ebe72eb-ff54-4d43-9962-21fb10fc3dfd", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27484", "type": "seen", "source": "https://t.me/cibsecurity/47493", "content": "\u203c CVE-2022-27484 \u203c\n\nA unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T18:18:47.000000Z"}, {"uuid": "a5fcab2f-3a25-4cca-a76d-ed37871ab605", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27482", "type": "seen", "source": "https://t.me/cibsecurity/58358", "content": "\u203c CVE-2022-27482 \u203c\n\nA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:17:49.000000Z"}, {"uuid": "03fc4487-f50d-4d98-84e2-1c505088213c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2748", "type": "seen", "source": "https://t.me/cibsecurity/47938", "content": "\u203c CVE-2022-2748 \u203c\n\nA vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. 
The identifier of this vulnerability is VDB-206016.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-11T12:32:04.000000Z"}, {"uuid": "63a2454f-b6f7-446e-b3c8-33f3766d9184", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27483", "type": "seen", "source": "https://t.me/cibsecurity/46555", "content": "\u203c CVE-2022-27483 \u203c\n\nA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-19T18:40:59.000000Z"}, {"uuid": "a186ebab-5cd9-4e06-9d5b-06ff53a33a54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27487", "type": "seen", "source": "https://t.me/cibsecurity/61884", "content": "\u203c CVE-2022-27487 \u203c\n\nA improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-11T20:23:22.000000Z"}, {"uuid": "bacc3bf3-610f-4b87-8f9d-59efae77cbab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27480", "type": "seen", "source": "https://t.me/cibsecurity/40585", "content": "\u203c 
CVE-2022-27480 \u203c\n\nA vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:22:59.000000Z"}, {"uuid": "cf0d053b-525a-4e39-9033-669ef644d3bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-27481", "type": "seen", "source": "https://t.me/cibsecurity/40584", "content": "\u203c CVE-2022-27481 \u203c\n\nA vulnerability has been identified in SCALANCE W1788-1 M12 (All versions < V3.0.0), SCALANCE W1788-2 EEC M12 (All versions < V3.0.0), SCALANCE W1788-2 M12 (All versions < V3.0.0), SCALANCE W1788-2IA M12 (All versions < V3.0.0). Affected devices do not properly handle resources of ARP requests. This could allow an attacker to cause a race condition that leads to a crash of the entire device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T15:35:26.000000Z"}]}