{"vulnerability": "CVE-2022-3106", "sightings": [{"uuid": "1707e2b0-e133-4d31-bf75-593170123d2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31060", "type": "seen", "source": "https://t.me/cibsecurity/44462", "content": "\u203c CVE-2022-31060 \u203c\n\nDiscourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-15T00:19:22.000000Z"}, {"uuid": "41c7b2cc-4cc2-43ed-ab16-0fbdc4ca5f6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31065", "type": "seen", "source": "https://t.me/cibsecurity/45242", "content": "\u203c CVE-2022-31065 \u203c\n\nBigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. Additionally when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T00:35:21.000000Z"}, {"uuid": "2e1e1e4d-7711-46fa-bc16-2c693d5fc245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31061", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2878", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for GLPI CVE-2022-31061\nURL\uff1ahttps://github.com/Vu0r1-sec/CVE-2022-31061\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-07T22:25:39.000000Z"}, {"uuid": "f870f591-9ce6-4e25-aafb-39380095fe2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31061", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2877", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPoC for GLPI CVE-2022-31061\nURL\uff1ahttps://github.com/Vu0r1/CVE-2022-31061\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-07T18:20:59.000000Z"}, {"uuid": "99032310-3fda-4fe4-9068-e508560e7745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31061", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/380", "content": "CVE-2022-31061 : GLPI >= 9.3.0 / < 10.0.2 - Unauthenticated SQL injection on login page\nhttps://github.com/Vu0r1-sec/CVE-2022-31061", "creation_timestamp": "2022-08-10T05:30:51.000000Z"}, {"uuid": "33c6991c-9818-4d31-9274-b8ba327fb7b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3106", "type": "seen", "source": "https://t.me/cibsecurity/54568", "content": "\u203c CVE-2022-3106 \u203c\n\nAn issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-15T00:23:02.000000Z"}, {"uuid": "09a151d5-8fe7-4500-935e-39a040c5c097", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31061", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6560", "content": "#exploit\n1. CVE-2022-31061:\nGLPI >= 9.3.0 / < 10.0.2 - Unauthenticated SQL injection on login page\nhttps://github.com/Vu0r1-sec/CVE-2022-31061\n\n2. CVE-2022-31101:\nExploit for PrestaShop bockwishlist module 2.1.0 SQLi\nhttps://github.com/karthikuj/CVE-2022-31101", "creation_timestamp": "2022-08-10T10:50:35.000000Z"}, {"uuid": "53732901-5a17-47b3-a272-e81525ac969c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3106", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12781", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3106\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().\n\ud83d\udccf Published: 2022-12-14T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T02:42:23.466Z\n\ud83d\udd17 References:\n1. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v5.19-rc2&id=407ecd1bd726f240123f704620d46e285ff30dd9\n2. https://bugzilla.redhat.com/show_bug.cgi?id=2153066", "creation_timestamp": "2025-04-22T03:02:41.000000Z"}, {"uuid": "dce26254-6690-41bc-9fc8-c619db4d953e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31062", "type": "seen", "source": "https://t.me/cibsecurity/44848", "content": "\u203c CVE-2022-31062 \u203c\n\n### Impact A plugin public script can be used to read content of system files. ### Patches Upgrade to version 1.0.2. ### Workarounds `b/deploy/index.php` file can be deleted if deploy feature is not used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-21T02:26:53.000000Z"}, {"uuid": "e9694f28-f718-47ae-86c4-387ad813093b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31068", "type": "seen", "source": "https://t.me/cibsecurity/45322", "content": "\u203c CVE-2022-31068 \u203c\n\nGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T22:42:27.000000Z"}, {"uuid": "f9ec8ddb-1dc0-41d9-8150-a02e5dc90d1d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31061", "type": "seen", "source": "https://t.me/cibsecurity/45320", "content": "\u203c CVE-2022-31061 \u203c\n\nGLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T22:42:25.000000Z"}, {"uuid": "4bd716e4-da96-42a5-a08b-79e9c5c167ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31064", "type": "seen", "source": "https://t.me/cibsecurity/45235", "content": "\u203c CVE-2022-31064 \u203c\n\nBigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross site scripting attack in affected versions. The attack occurs when the attacker (with xss in the name) starts a chat. in the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T00:35:11.000000Z"}]}