{"vulnerability": "cve-2022-31101", "sightings": [{"uuid": "7f06888f-9447-46a8-8aac-dd8e3febf0c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/9250", "content": "Prestashop Blockwishlist module version 2.1.0 is vulnerable to remote SQL injection attacks. PoC is available now: https://github.com/karthikuj/CVE-2022-31101, you can try it because I see there are many websites designed under this Presashop platform.\n#new\n#tools\n#TYG_VN\n#TYG_TEAM", "creation_timestamp": "2022-08-14T12:08:05.000000Z"}, {"uuid": "f6d097cd-5fe4-420e-b7da-901c6551abfe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2772", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMajor Security Vulnerability on PrestaShop Websites - CVE-2022-31101\nURL\uff1ahttps://github.com/MathiasReker/blmvuln\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-25T07:09:57.000000Z"}, {"uuid": "d445a0e1-f9df-4640-85fb-6c3f598cd0c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2768", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aMajor Security Vulnerability on PrestaShop Websites - CVE-2022-31101\nURL\uff1ahttps://github.com/MathiasReker/blm-vlun\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-07-24T22:44:43.000000Z"}, {"uuid": "024f9c86-ff78-4877-b710-73d8529faeb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/legendscrewch/1603", "content": "Prestashop Blockwishlist module version 2.1.0 is vulnerable to remote SQL injection attacks. PoC is available now: https://github.com/karthikuj/CVE-2022-31101, you can try it because I see there are many websites designed under this Presashop platform.\n#new\n#tools\n#TYG_VN\n#TYG_TEAM", "creation_timestamp": "2022-08-14T12:07:55.000000Z"}, {"uuid": "ea879f56-5815-4446-808d-72fdf42bded0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "seen", "source": "Telegram/FFymLLIK1VykiTo0qiu5oiOuLgw0sFOxywUPTyY6TqRLAw", "content": "", "creation_timestamp": "2022-07-26T16:33:25.000000Z"}, {"uuid": "1cf1550a-72e5-44cd-aa9e-f81ddc62187e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/anonhamz/1562", "content": "Prestashop Blockwishlist module version 2.1.0 is vulnerable to remote SQL injection attacks. PoC is available now: https://github.com/karthikuj/CVE-2022-31101, you can try it because I see there are many websites designed under this Presashop platform.\n#new\n#tools\n#TYG_VN\n#TYG_TEAM", "creation_timestamp": "2022-08-14T12:07:57.000000Z"}, {"uuid": "ac88d925-42f6-44e4-b260-1ead6ec50dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "Telegram/XyL_cf19E9pL7989kbUZnkXawqI4Zf817n8ZrJO4otm5wg", "content": "", "creation_timestamp": "2022-08-09T13:10:10.000000Z"}, {"uuid": "cda1fbd6-03f6-466a-8239-f82f8cdff937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "seen", "source": "https://t.me/crackcodes/901", "content": "Updates On Hackbyte Forum:-\n\n1. HydraDeepWeb Leak\n2. Datagram.io Leak\n3. SIING.IO_Source_Backend Leak\n4. PPLDump - RIPPL is a tool that abuses a usermode only exploit to manipulate PPL processes on Windows\n5. Nessus Plugin (2022 July 22) With TrendMacro CMD\n6. Multiple vulnerabilities in Nuki smart locks\n7. Pulsar \u2014 an open-source runtime security framework powered by Rust & eBPF for IoT\n8. Attack Chain D\u00e9j\u00e0-vu: The infection vector used by SVCReady, Gozi and IcedID\n9. Finding Flaws in FileWave MDM\n10. When Hypervisor Met Snapshot Fuzzing\n11. wodat: Windows Oracle Database Attack Toolkit\n12. Bypass AMSI in local process hooking NtCreateSection\n13. iauyazd.ac.ir leak - The Islamic Azad University in Iran was leaked. \ud83c\uddee\ud83c\uddf7\n14. atlayo.com Leak\n15. toastmasters.org.tw Leak\n16. cryptic.kit.com.vn Leak\n17. Eskimi Dehash Passwords leak\n18. Bolt-CMS-Version-3.7.1-RCE-Exploit\n19. Cloud Exploitation Framework\n20. PSAsyncShell: PowerShell Asynchronous TCP Reverse Shell\n21. EvilURL v3.0 - Generate unicode domains for IDN Homograph Attack and detect them\n22. \ua4d8amerka GUI - Ultimate Internet of Things/Industrial Control Systems reconnaissance tool.\n23. Azure_Workshop - #Azure #RedTeam Attack and Detect Workshop\n24. sniffer - A modern alternative network traffic sniffer\n25. DFShell: The Best Forwarded Shell\n26.s1c0n: simple recon tool to help you for searching vulnerability on web server\n27. PwnFox: PwnFox is a Firefox/Burp extension that provide usefull tools for your security audit.\n28. xray_1.9.1_licensed\n29. blmvuln: Major Security Vulnerability on PrestaShop Websites \u2013 CVE-2022-31101\n30. CVE-2022-34961: OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Users Timeline module\n\n\ud83d\udc49\ud83c\udffb\ud83d\udc49\ud83c\udffbAll Updates On :- https://bit.ly/3yRyah3 \ud83d\udc48\ud83c\udffb\ud83d\udc48\ud83c\udffb", "creation_timestamp": "2022-07-30T13:35:22.000000Z"}, {"uuid": "10993a0a-47dd-4a75-b4ef-e90faa8470db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "seen", "source": "https://t.me/cibsecurity/45263", "content": "\u203c CVE-2022-31101 \u203c\n\nprestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T02:35:20.000000Z"}, {"uuid": "5cffb42e-ae3c-40fc-8ead-dacb3a350bbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/legendscrewmy/1597", "content": "Prestashop Blockwishlist module version 2.1.0 is vulnerable to remote SQL injection attacks. PoC is available now: https://github.com/karthikuj/CVE-2022-31101, you can try it because I see there are many websites designed under this Presashop platform.\n#new\n#tools\n#TYG_VN\n#TYG_TEAM", "creation_timestamp": "2022-08-14T12:08:11.000000Z"}, {"uuid": "d1abf04b-7b10-479e-ba9e-0e7dd7f1e071", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6560", "content": "#exploit\n1. CVE-2022-31061:\nGLPI >= 9.3.0 / < 10.0.2 - Unauthenticated SQL injection on login page\nhttps://github.com/Vu0r1-sec/CVE-2022-31061\n\n2. CVE-2022-31101:\nExploit for PrestaShop bockwishlist module 2.1.0 SQLi\nhttps://github.com/karthikuj/CVE-2022-31101", "creation_timestamp": "2022-08-10T10:50:35.000000Z"}, {"uuid": "2130e5ed-5798-4bfa-b78e-a6d67f004f41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/14", "content": "https://github.com/karthikuj/CVE-2022-31101", "creation_timestamp": "2022-08-09T12:59:31.000000Z"}, {"uuid": "43b4eaae-6313-4d27-947c-170326f0bad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/lcmysecteamch/2961", "content": "Prestashop Blockwishlist module version 2.1.0 is vulnerable to remote SQL injection attacks. PoC is available now: https://github.com/karthikuj/CVE-2022-31101, you can try it because I see there are many websites designed under this Presashop platform.\n#new\n#tools\n#TYG_VN\n#TYG_TEAM", "creation_timestamp": "2022-08-14T12:08:06.000000Z"}, {"uuid": "a836dc27-f64e-4237-a8e8-1ee07ebf8609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m6ztowhz4i2w", "content": "", "creation_timestamp": "2025-12-02T21:02:29.223029Z"}, {"uuid": "b264e3dc-e974-4355-9acb-3f9f0d9059b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-31101", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2890", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aExploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)\nURL\uff1ahttps://github.com/karthikuj/CVE-2022-31101\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-08-09T10:34:52.000000Z"}]}