{"vulnerability": "CVE-2022-2338", "sightings": [{"uuid": "f1277c00-f17b-4bde-b140-e7d9493736fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23384", "type": "seen", "source": "https://t.me/cibsecurity/37486", "content": "\u203c CVE-2022-23384 \u203c\n\nYzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T16:34:26.000000Z"}, {"uuid": "0f025c91-fab1-49bb-88d8-5f1ac7b52270", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2338", "type": "seen", "source": "https://t.me/cibsecurity/48318", "content": "\u203c CVE-2022-2338 \u203c\n\nSofting Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T00:40:58.000000Z"}, {"uuid": "b31062cf-81da-4460-b28c-3efa188436a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23380", "type": "seen", "source": "https://t.me/cibsecurity/38257", "content": "\u203c CVE-2022-23380 \u203c\n\nThere is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action=admin&amp;id=2&amp;ctrl=edit.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T16:23:20.000000Z"}, {"uuid": "d7c2a1d5-eaa2-4923-a1eb-9b6b01e685b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23387", "type": "seen", "source": "https://t.me/cibsecurity/38267", "content": "\u203c CVE-2022-23387 \u203c\n\nAn issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database data through the Comment Update field.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T20:24:22.000000Z"}, {"uuid": "a1af44c8-baf4-4383-8b09-0af082a67a00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23389", "type": "seen", "source": "https://t.me/cibsecurity/37457", "content": "\u203c CVE-2022-23389 \u203c\n\nPublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T00:33:10.000000Z"}]}