{"vulnerability": "CVE-2022-4273", "sightings": [{"uuid": "76aa84ad-754d-47ab-a02e-1e19689603f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42732", "type": "seen", "source": "https://t.me/cibsecurity/53077", "content": "\u203c CVE-2022-42732 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website\u2019s application pool.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:18:00.000000Z"}, {"uuid": "c5eac9d9-6ed2-45c6-9ec6-2f7c223ec35d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42734", "type": "seen", "source": "https://t.me/cibsecurity/53073", "content": "\u203c CVE-2022-42734 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics application server hosts a web service using an operation with improper write access control that could allow to write data in any folder accessible to the account assigned to the website\u2019s application pool.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:17:53.000000Z"}, {"uuid": "19f3e99f-0119-4a86-9648-daeff2667afb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42733", "type": "seen", "source": "https://t.me/cibsecurity/53070", "content": "\u203c CVE-2022-42733 \u203c\n\nA vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). 
syngo Dynamics application server hosts a web service using an operation with improper read access control that could allow files to be retrieved from any folder accessible to the account assigned to the website\u2019s application pool.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:17:47.000000Z"}, {"uuid": "3e679a2f-0537-44c6-8721-fab90f33d5b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42731", "type": "seen", "source": "https://t.me/cibsecurity/51121", "content": "\u203c CVE-2022-42731 \u203c\n\nmfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-11T18:25:56.000000Z"}, {"uuid": "1d047f94-7dc1-4214-ac3b-4f690e18568e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4273", "type": "seen", "source": "https://t.me/cibsecurity/53946", "content": "\u203c CVE-2022-4273 \u203c\n\nA vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. 
The identifier VDB-214769 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T12:37:40.000000Z"}, {"uuid": "c951f58f-cf4b-451d-83ec-9b3e6a14dfbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-42735", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/58218", "content": "\u203c CVE-2022-42735 \u203c\n\nImproper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T12:41:18.000000Z"}]}