{"vulnerability": "cve-2022-3862", "sightings": [{"uuid": "c8086c1d-ee2d-4559-af4c-bc1a92e7a455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-03-17)", "content": "", "creation_timestamp": "2026-03-17T00:00:00.000000Z"}, {"uuid": "05cadce9-dbc0-4608-a403-3badcbaf4dd1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38625", "type": "seen", "source": "https://t.me/cibsecurity/49012", "content": "\u203c CVE-2022-38625 \u203c\n\nPatlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-30T02:44:42.000000Z"}, {"uuid": "1ddc8575-183d-4a0c-b5be-9676e72da316", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6878", "content": "CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building\n\nhttps://omar0x01.medium.com/cve-2022-38627-a-journey-through-sqlite-injection-to-compromise-the-whole-enterprise-building-15cebd072ed6", "creation_timestamp": "2022-12-31T12:26:04.000000Z"}, {"uuid": "16b6b441-81cf-4b40-beed-683f52e3196f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ltzsfr55yu2k", "content": "", "creation_timestamp": "2025-07-15T21:02:20.703625Z"}, {"uuid": "23ca0ba1-457f-4d6b-887b-235fe86bd3eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-3862", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12868", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3862\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Livemesh Addons for Elementor WordPress plugin before 7.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n\ud83d\udccf Published: 2022-12-12T17:54:57.745Z\n\ud83d\udccf Modified: 2025-04-22T14:46:42.191Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/3db9a8f5-3335-4b8d-a067-091cbfed1efc", "creation_timestamp": "2025-04-22T15:03:47.000000Z"}, {"uuid": "6dd10812-45c6-4f4f-8255-ffa730b6ff76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/660", "content": "CVE-2022-38627 : A journey through SQLite Injection to compromise the whole enterprise building\nhttps://omar0x01.medium.com/cve-2022-38627-a-journey-through-sqlite-injection-to-compromise-the-whole-enterprise-building-15cebd072ed6", "creation_timestamp": "2023-01-14T06:31:01.000000Z"}, {"uuid": "17757dcf-f253-4e55-8d23-94e95e559af8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38628", "type": "seen", "source": "https://t.me/cibsecurity/54480", "content": "\u203c CVE-2022-38628 \u203c\n\nNortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a cross-site scripting (XSS) vulnerability which is chained with a local session fixation. This vulnerability allows attackers to escalate privileges via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T00:22:15.000000Z"}, {"uuid": "aa405453-2776-4452-a3de-cdc93173791f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "seen", "source": "https://t.me/cibsecurity/55832", "content": "\u203c CVE-2022-38627 \u203c\n\nNortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-04T00:17:38.000000Z"}, {"uuid": "01edf751-0352-4c88-9d6e-fd6b8f365d90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-38627.yaml", "content": "", "creation_timestamp": "2025-09-24T01:25:00.000000Z"}, {"uuid": "504ed16e-631e-402a-a0a4-464249b1d626", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38627", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/281", "content": "CVE-2022-38627: A journey through SQLite Injection to compromise the whole enterprise building\n\nhttps://omar0x01.medium.com/cve-2022-38627-a-journey-through-sqlite-injection-to-compromise-the-whole-enterprise-building-15cebd072ed6", "creation_timestamp": "2023-01-16T11:19:01.000000Z"}, {"uuid": "61b0610b-b45f-439c-ba17-092d7de62545", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-38621", "type": "seen", "source": "https://t.me/cibsecurity/49981", "content": "\u203c CVE-2022-38621 \u203c\n\nDoufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T22:35:29.000000Z"}]}