{"vulnerability": "CVE-2022-2390", "sightings": [{"uuid": "4f0c9fc3-fde0-4960-a1ed-14ac3553fe20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23904", "type": "seen", "source": "https://t.me/cibsecurity/41718", "content": "\u203c CVE-2022-23904 \u203c\n\nRainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-16T22:01:19.000000Z"}, {"uuid": "dc8dc44b-b67c-4c9d-a235-101b321e9ba9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2390", "type": "seen", "source": "https://t.me/cibsecurity/48009", "content": "\u203c CVE-2022-2390 \u203c\n\nApps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T14:33:13.000000Z"}, {"uuid": "02398fc5-8d79-458e-8d5a-9d733db26945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23906", "type": "seen", "source": "https://t.me/cibsecurity/38236", "content": "\u203c CVE-2022-23906 \u203c\n\nCMS Made Simple v2.2.15 was discovered to contain a Remote Command Execution (RCE) vulnerability via the upload avatar function. This vulnerability is exploited via a crafted image file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T02:29:04.000000Z"}, {"uuid": "e5364dca-f7a4-41b1-880f-64a8ae022b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23907", "type": "seen", "source": "https://t.me/cibsecurity/38224", "content": "\u203c CVE-2022-23907 \u203c\n\nCMS Made Simple v2.2.15 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the parameter m1_fmmessage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-01T02:28:46.000000Z"}, {"uuid": "fafc0341-fd25-4367-9fe6-296b169eb428", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23909", "type": "seen", "source": "https://t.me/cibsecurity/40147", "content": "\u203c CVE-2022-23909 \u203c\n\nThere is an unquoted service path in Sherpa Connector Service (SherpaConnectorService.exe) 2020.2.20328.2050. This might allow a local user to escalate privileges by creating a \"C:\\Program Files\\Sherpa Software\\Sherpa.exe\" file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-05T12:28:33.000000Z"}, {"uuid": "b7675722-95e3-45a0-af50-7958be5a3b65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23900", "type": "seen", "source": "https://t.me/cibsecurity/40284", "content": "\u203c CVE-2022-23900 \u203c\n\nA command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-07T14:31:44.000000Z"}, {"uuid": "093884bd-6587-4221-addb-983f747357a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23903", "type": "seen", "source": "https://t.me/cibsecurity/39741", "content": "\u203c CVE-2022-23903 \u203c\n\nA Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T16:41:36.000000Z"}, {"uuid": "ce43bd3b-c8dd-4ae3-8790-14c27ca56abf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23902", "type": "seen", "source": "https://t.me/cibsecurity/37458", "content": "\u203c CVE-2022-23902 \u203c\n\nTongda2000 v11.10 was discovered to contain a SQL injection vulnerability in export_data.php via the d_name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-15T00:33:12.000000Z"}]}