{"vulnerability": "cve-2022-2688", "sightings": [{"uuid": "36134af3-c440-4086-93f7-8a5c3c9d448f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2688", "type": "seen", "source": "https://t.me/cibsecurity/47701", "content": "\u203c CVE-2022-2688 \u203c\n\nA vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-06T22:21:53.000000Z"}, {"uuid": "2406e22c-1625-4832-a1f2-3ac1cfc6dd29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26889", "type": "seen", "source": "https://t.me/cibsecurity/42132", "content": "\u203c CVE-2022-26889 \u203c\n\nThe lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-07T02:42:27.000000Z"}, {"uuid": "55fa0e2d-65a7-49ec-8da5-859ffea74060", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26887", "type": "seen", "source": "https://t.me/cibsecurity/39755", "content": "\u203c CVE-2022-26887 \u203c\n\nDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:28.000000Z"}, {"uuid": "6f847781-68b0-4b09-8eba-be8761bc605f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26885", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13508", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-26885\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: When using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.\n\ud83d\udccf Published: 2022-11-24T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T18:17:36.266Z\n\ud83d\udd17 References:\n1. https://lists.apache.org/thread/z7084r9cs2r26cszkkgjqpb5bhnxqssp", "creation_timestamp": "2025-04-25T19:07:33.000000Z"}, {"uuid": "fe418e99-9340-410b-8a96-98e9ce53064d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26884", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwpcboyoyi2c", "content": "", "creation_timestamp": "2025-08-18T21:02:46.164229Z"}, {"uuid": "29cfcbf6-accf-4feb-b09e-2022e557cf14", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26885", "type": "seen", "source": "https://t.me/cibsecurity/53481", "content": "\u203c CVE-2022-26885 \u203c\n\nWhen using tasks to read config files, there is a risk of database password disclosure. We recommend you upgrade to version 2.0.6 or higher.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-24T18:14:35.000000Z"}, {"uuid": "afcf96f5-126d-4307-9b62-098e9416f50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-26888", "type": "seen", "source": "https://t.me/cibsecurity/58362", "content": "\u203c CVE-2022-26888 \u203c\n\nCross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-16T22:17:53.000000Z"}]}