{"vulnerability": "CVE-2022-2717", "sightings": [{"uuid": "657536c1-3869-414d-b026-af32cb4b81ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2717", "type": "seen", "source": "https://t.me/cibsecurity/49344", "content": "\u203c CVE-2022-2717 \u203c\n\nThe JoomSport \u2013 for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter on the joomsport-events-form page in versions up to, and including, 5.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrative privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-06T22:13:34.000000Z"}, {"uuid": "ef14f26b-fe05-4ca8-b8a5-a1442eb21dd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27170", "type": "seen", "source": "https://t.me/cibsecurity/58397", "content": "\u203c CVE-2022-27170 \u203c\n\nProtection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-17T00:12:45.000000Z"}, {"uuid": "c4d1ec8d-0e29-4c22-902b-891524f5b210", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27172", "type": "seen", "source": "https://t.me/cibsecurity/42532", "content": "\u203c CVE-2022-27172 \u203c\n\nA hard-coded 
password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-12T20:42:21.000000Z"}, {"uuid": "1e901285-41e3-4a81-bc25-c0ff777a7820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27179", "type": "seen", "source": "https://t.me/cibsecurity/41181", "content": "\u203c CVE-2022-27179 \u203c\n\nA malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T20:25:49.000000Z"}, {"uuid": "6e201433-0953-46e4-a584-c98849586f6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27174", "type": "seen", "source": "https://t.me/cibsecurity/44250", "content": "\u203c CVE-2022-27174 \u203c\n\nCross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-13T12:17:45.000000Z"}, {"uuid": "16908252-573f-4ebe-b7c2-f7dc96e210b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27177", "type": "seen", "source": 
"https://t.me/cibsecurity/40026", "content": "\u203c CVE-2022-27177 \u203c\n\nA Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-02T02:20:00.000000Z"}, {"uuid": "9c9069fa-aa74-4043-afff-cac8056af68e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27175", "type": "seen", "source": "https://t.me/cibsecurity/39756", "content": "\u203c CVE-2022-27175 \u203c\n\nDelta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-29T20:11:29.000000Z"}]}