{"vulnerability": "cve-2022-2834", "sightings": [{"uuid": "3c735052-f8ad-41b3-96ce-9861d2358a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2189", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aAn improved Proof of Concept for CVE-2022-1388 w/ Interactive Shell.        No reverse tcp required!\nURL\uff1ahttps://github.com/ahsentekdemir/CVE-2022-28346\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-05-15T00:26:32.000000Z"}, {"uuid": "8584da26-485d-4f18-ba2e-e88731958c8e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/131", "content": "CVE-2022-28346 : Django QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346", "creation_timestamp": "2022-04-29T13:13:36.000000Z"}, {"uuid": "778d459c-67ef-45fb-a4bf-14c0172c5ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/498", "content": "\u200bCVE-2022-28346\n\nDjango QuerySet.annotate(), aggregate(), extra() SQL\n\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\n#redteam #hackers #exploit", "creation_timestamp": "2022-04-29T10:51:05.000000Z"}, {"uuid": "717138ac-8f0c-4eb7-ae75-0eae3fb0f4da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28347", "type": "seen", "source": "https://t.me/cibsecurity/40598", "content": "\u203c CVE-2022-28347 \u203c\n\nA SQL injection issue was discovered in QuerySet.explain() in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. This occurs by passing a crafted dictionary (with dictionary expansion) as the **options argument, and placing the injection payload in an option name.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:18.000000Z"}, {"uuid": "8987487b-a897-4f1f-9017-fa813a2bff37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "seen", "source": "https://t.me/cibsecurity/40586", "content": "\u203c CVE-2022-28346 \u203c\n\nAn issue was discovered in Django 2.2 before 2.2.28, 3.2 before 3.2.13, and 4.0 before 4.0.4. QuerySet.annotate(), aggregate(), and extra() methods are subject to SQL injection in column aliases via a crafted dictionary (with dictionary expansion) as the passed **kwargs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T12:23:00.000000Z"}, {"uuid": "d2a5e668-b27a-4199-94f0-ee2a69e7f95c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5909", "content": "#exploit\n1. CVE-2022-28346:\nDjango QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\n2. CVE-2022-28508:\nMantisBT 2.25.2 - XSS\nhttps://github.com/YavuzSahbaz/CVE-2022-28508/blob/main/MantisBT%202.25.2%20XSS%20vulnurability\n\n3. Bypassing LDAP Channel Binding with StartTLS\nhttps://offsec.almond.consulting/bypassing-ldap-channel-binding-with-starttls.html", "creation_timestamp": "2022-04-30T17:55:24.000000Z"}, {"uuid": "2079e952-1027-43d2-9f45-f42d32e7272a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "Telegram/S7UYTiMfexdXb-A0qlUDhTcfhw0DNHJcz-TH3evrmkbe4A", "content": "", "creation_timestamp": "2022-04-29T10:57:59.000000Z"}, {"uuid": "60ae05b5-a85a-4f6f-a2a6-7f89067cbb0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "published-proof-of-concept", "source": "Telegram/Fe1afOtijSLjWWbm1OZINMnYxteXldRf8_LKzqA7HCYfbYs", "content": "", "creation_timestamp": "2022-04-19T13:15:04.000000Z"}, {"uuid": "c7190d3f-c4a5-4e8e-b36a-df11ebbdc3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2834", "type": "seen", "source": "https://t.me/cibsecurity/51575", "content": "\u203c CVE-2022-2834 \u203c\n\nThe Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T16:13:23.000000Z"}, {"uuid": "2a46e748-f32c-421f-aaf0-0ad8710ecd7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "seen", "source": "https://t.me/cibsecurity/40846", "content": "\u203c CVE-2022-28345 \u203c\n\nThe Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing to be any website URL, by abusing the non-http/non-https automatic rendering of URLs. An attacker can spoof, for example, example.com, and masquerade any URL with a malicious destination. An attacker requires a subdomain such as gepj, txt, fdp, or xcod, which would appear backwards as jpeg, txt, pdf, and docx respectively.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-15T12:19:51.000000Z"}, {"uuid": "2c718a18-c57a-4f52-a13b-b175cbf73332", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1940", "content": "#exploit\n+ CVE-2022-28345:\nSignal client for iOS < 5.33.2 are vulnerable to RTLO Injection URI Spoofing using malicious URLs\nhttps://sick.codes/sick-2022-42\n\n+ CVE-2021-1782:\nan iOS in-the-wild vulnerability in vouchers\nhttps://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html\n\n@BlueRedTeam", "creation_timestamp": "2022-04-15T22:53:32.000000Z"}, {"uuid": "fddee7e8-f7bc-4a37-be5e-7134c688861b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/75", "content": "https://github.com/DeEpinGh0st/CVE-2022-28346", "creation_timestamp": "2023-07-14T09:52:27.000000Z"}, {"uuid": "144932fa-f056-4b8c-87ff-5b68417ca8e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28345", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5812", "content": "#exploit\n1. CVE-2022-28345:\nSignal client for iOS < 5.33.2 are vulnerable to RTLO Injection URI Spoofing using malicious URLs\nhttps://sick.codes/sick-2022-42\n\n2. CVE-2021-1782:\nan iOS in-the-wild vulnerability in vouchers\nhttps://googleprojectzero.blogspot.com/2022/04/cve-2021-1782-ios-in-wild-vulnerability.html", "creation_timestamp": "2022-04-15T23:44:05.000000Z"}, {"uuid": "413dd417-c738-4605-86ce-4224be83414d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2834", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16208", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2834\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T19:11:57.316Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/468d5fc7-04c6-4354-b134-85ebb25b37ae", "creation_timestamp": "2025-05-13T19:31:05.000000Z"}, {"uuid": "85ca5537-d349-453f-aac5-3b8c7fb1939b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-28346", "type": "published-proof-of-concept", "source": "https://t.me/ShlezySec_Channel/30", "content": "CVE-2022-28346:\nDjango QuerySet.annotate(), aggregate(), extra() SQL\nhttps://github.com/DeEpinGh0st/CVE-2022-28346\n\nBypassing LDAP Channel Binding with StartTLS\nhttps://offsec.almond.consulting/bypassing-ldap-channel-binding-with-starttls.html", "creation_timestamp": "2022-04-29T07:55:52.000000Z"}]}