{"vulnerability": "cve-2022-4613", "sightings": [{"uuid": "32d16061-0f27-427c-8f4e-9756348138bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46137", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12299", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46137\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: AeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T17:35:30.997Z\n\ud83d\udd17 References:\n1. https://github.com/MegaTKC/AeroCMS/issues/7", "creation_timestamp": "2025-04-17T17:57:31.000000Z"}, {"uuid": "2366a9f5-a99d-4a1d-975e-2f387a89ac18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46135", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12298", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-46135\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.\n\ud83d\udccf Published: 2022-12-16T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-17T17:36:20.855Z\n\ud83d\udd17 References:\n1. https://github.com/MegaTKC/AeroCMS/issues/5", "creation_timestamp": "2025-04-17T17:57:30.000000Z"}, {"uuid": "32b592bd-7934-4068-acb0-2369e2d36fd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46135", "type": "seen", "source": "https://t.me/cibsecurity/54736", "content": "\u203c CVE-2022-46135 \u203c\n\nIn AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=edit_post , through which we can upload webshell and control the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:37:37.000000Z"}, {"uuid": "7069bd85-f406-4066-b4b8-83a48c7a87cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46137", "type": "seen", "source": "https://t.me/cibsecurity/54680", "content": "\u203c CVE-2022-46137 \u203c\n\nAeroCMS v0.0.1 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: AeroCMS v0.0.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T18:24:42.000000Z"}, {"uuid": "e8485250-6a1a-4229-aa4d-e4557ccb7f92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-46139", "type": "seen", "source": "https://t.me/cibsecurity/55001", "content": "\u203c CVE-2022-46139 \u203c\n\nTP-Link TL-WR940N V4 3.16.9 and earlier allows authenticated attackers to cause a Denial of Service (DoS) via uploading a crafted firmware image during the firmware update process.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T22:12:44.000000Z"}, {"uuid": "4f2cd7f3-d40c-43aa-b0f9-d5d2ad144db4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-4613", "type": "seen", "source": "https://t.me/cibsecurity/54884", "content": "\u203c CVE-2022-4613 \u203c\n\nA vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-19T18:11:35.000000Z"}]}