{"vulnerability": "cve-2022-2439", "sightings": [{"uuid": "9a230881-38d1-4a79-9770-1f4d4d64ce59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2439", "type": "seen", "source": "https://t.me/cvedetector/6240", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-2439 - Easy Digital Downloads PHAR Deserialization Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-2439 \nPublished : Sept. 24, 2024, 3:15 a.m. | 25\u00a0minutes ago \nDescription : The Easy Digital Downloads \u2013 Simple eCommerce for Selling Digital Files plugin for WordPress is vulnerable to deserialization of untrusted input via the 'upload[file]' parameter in versions up to, and including 3.3.3. This makes it possible for authenticated administrative users to call files using a PHAR wrapper, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. \nSeverity: 7.2 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"24 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-24T05:42:10.000000Z"}, {"uuid": "5ce7da37-808d-47d1-a80b-3a1b299b24c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24394", "type": "seen", "source": "https://t.me/cibsecurity/42866", "content": "\u203c CVE-2022-24394 \u203c\n\nVulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the \u201cupdate_checkfile\u201d value for the \u201cfilename\u201d parameter. 
The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost and return results in an HTTP response via an authenticated session. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T00:27:48.000000Z"}, {"uuid": "b71cbe5d-b946-4d0c-bb21-d32ef241b916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24390", "type": "seen", "source": "https://t.me/cibsecurity/42862", "content": "\u203c CVE-2022-24390 \u203c\n\nVulnerability in rconfig \u201cremote_text_file\u201d enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T00:27:45.000000Z"}, {"uuid": "d1643045-9470-41d2-afd4-4a206cc3ad7c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-24397", "type": "seen", "source": "https://t.me/cibsecurity/38726", "content": "\u203c CVE-2022-24397 \u203c\n\nSAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. 
The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim\u2019s web browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-10T20:26:17.000000Z"}]}