{"vulnerability": "cve-2022-3861", "sightings": [{"uuid": "ab11101f-b608-4d54-94cd-c802e13f16a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38619", "type": "seen", "source": "https://t.me/cibsecurity/50175", "content": "\u203c CVE-2022-38619 \u203c\n\nSmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-21T07:40:29.000000Z"}, {"uuid": "fdcc50e3-19fb-4180-b8fd-acce15384f68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38615", "type": "seen", "source": "https://t.me/cibsecurity/49550", "content": "\u203c CVE-2022-38615 \u203c\n\nSmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T20:30:24.000000Z"}, {"uuid": "9dcf8018-341c-4393-97a3-1a4843d4d82b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38616", "type": "seen", "source": "https://t.me/cibsecurity/49633", "content": "\u203c CVE-2022-38616 \u203c\n\nSmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T16:25:16.000000Z"}, {"uuid": "9cf88022-82f9-423e-b97c-e20f3ce0826a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38613", "type": "seen", "source": "https://t.me/cibsecurity/49547", "content": "\u203c CVE-2022-38613 \u203c\n\nA Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T20:30:20.000000Z"}, {"uuid": "5003acb7-7c81-4a70-94d2-7bd631005557", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38614", "type": "seen", "source": "https://t.me/cibsecurity/49546", "content": "\u203c CVE-2022-38614 \u203c\n\nAn issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-09T20:30:19.000000Z"}, {"uuid": "235e6508-aa2b-4ec5-8a18-7e1c7a57c2f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3861", "type": "seen", "source": "https://t.me/cibsecurity/53238", "content": "\u203c CVE-2022-3861 \u203c\n\nThe Betheme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 26.5.1.4 via deserialization of untrusted input supplied via the import, mfn-items-import-page, and mfn-items-import parameters passed through the mfn_builder_import, mfn_builder_import_page, importdata, importsinglepage, and importfromclipboard functions. This makes it possible for authenticated attackers, with contributor level permissions and above to inject a PHP Object. The additional presence of a POP chain would make it possible for attackers to execute code, retrieve sensitive data, delete files, etc..\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-21T16:37:06.000000Z"}, {"uuid": "61b9de76-4aff-49b6-a9ca-5da98d5e5c7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38617", "type": "seen", "source": "https://t.me/cibsecurity/50026", "content": "\u203c CVE-2022-38617 \u203c\n\nSmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-19T16:56:27.000000Z"}, {"uuid": "51917073-7ea7-4c40-8886-c8552e3363d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38610", "type": "seen", "source": "https://t.me/cibsecurity/49612", "content": "\u203c CVE-2022-38610 \u203c\n\nGarage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T00:24:53.000000Z"}]}