{"vulnerability": "CVE-2022-2762", "sightings": [{"uuid": "7bee8623-fcf7-40b9-961f-8914f70ec554", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27628", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/1364", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-27628\n\ud83d\udd39 Description: Cross-Site Request Forgery (CSRF) vulnerability in\u00a0AA-Team\u00a0WZone \u2013 Lite Version plugin\u00a03.1 Lite versions.\n\ud83d\udccf Published: 2023-02-06T12:14:20.597Z\n\ud83d\udccf Modified: 2025-01-13T15:57:52.791Z\n\ud83d\udd17 References:\n1. https://patchstack.com/database/vulnerability/woocommerce-amazon-affiliates-light-version/wordpress-wzone-lite-version-plugin-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", "creation_timestamp": "2025-01-13T16:11:39.000000Z"}, {"uuid": "55a27de3-250a-47df-8428-25f42a68f6d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27623", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15383", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-27623\n\ud83d\udd25 CVSS Score: 7.4 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Missing authentication for critical function vulnerability in iSCSI management functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote attackers to read or write arbitrary files via unspecified vectors.\n\ud83d\udccf Published: 2022-10-25T16:30:49.757Z\n\ud83d\udccf Modified: 2025-05-07T18:55:42.714Z\n\ud83d\udd17 References:\n1. https://www.synology.com/security/advisory/Synology_SA_22_18", "creation_timestamp": "2025-05-07T19:22:17.000000Z"}, {"uuid": "2f691f44-8b13-4d6e-89e6-1cf1f14a58ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27622", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-27622\n\ud83d\udd25 CVSS Score: 4.1 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.\n\ud83d\udccf Published: 2022-10-25T16:30:54.412Z\n\ud83d\udccf Modified: 2025-05-07T18:54:38.687Z\n\ud83d\udd17 References:\n1. https://www.synology.com/security/advisory/Synology_SA_22_18", "creation_timestamp": "2025-05-07T19:22:21.000000Z"}, {"uuid": "777dc02f-8b90-45d5-ba2b-f1064f9f0a73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27624", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15326", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-27624\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.\n\ud83d\udccf Published: 2022-10-20T05:50:20.654Z\n\ud83d\udccf Modified: 2025-05-07T14:44:17.518Z\n\ud83d\udd17 References:\n1. https://www.synology.com/security/advisory/Synology_SA_22_17", "creation_timestamp": "2025-05-07T15:22:44.000000Z"}, {"uuid": "811b90df-9bd3-4c5d-ba0f-983713032173", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2762", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15523", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2762\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack\n\ud83d\udccf Published: 2022-10-25T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-08T14:06:04.737Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/cf0b3893-3283-46d6-a497-f3110a35d42a", "creation_timestamp": "2025-05-08T14:23:21.000000Z"}, {"uuid": "2d45d58d-32e5-427f-99ac-2f5ccdcda818", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27626", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15530", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-27626\n\ud83d\udd25 CVSS Score: 10 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.\n\ud83d\udccf Published: 2022-10-20T05:50:10.327Z\n\ud83d\udccf Modified: 2025-05-08T13:42:27.475Z\n\ud83d\udd17 References:\n1. https://www.synology.com/security/advisory/Synology_SA_22_17", "creation_timestamp": "2025-05-08T14:23:28.000000Z"}, {"uuid": "704f8aaf-3147-4a83-9e11-fbbfad4d7db3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27628", "type": "seen", "source": "https://t.me/cibsecurity/57546", "content": "\u203c CVE-2022-27628 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone \u00e2\u20ac\u201c Lite Version plugin 3.1 Lite versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-06T16:22:54.000000Z"}, {"uuid": "f0d5b716-07db-4725-8b5b-0d8adfac0573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2762", "type": "seen", "source": "https://t.me/cibsecurity/52030", "content": "\u203c CVE-2022-2762 \u203c\n\nThe AdminPad WordPress plugin before 2.2 does not have CSRF check when updating admin's note, allowing attackers to make a logged in admin update their notes via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:26:59.000000Z"}, {"uuid": "95642fb5-bb10-426c-bfa9-906fc6447672", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27622", "type": "seen", "source": "https://t.me/cibsecurity/52028", "content": "\u203c CVE-2022-27622 \u203c\n\nServer-Side Request Forgery (SSRF) vulnerability in Package Center functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to access intranet resources via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:26:56.000000Z"}, {"uuid": "8c653237-d0db-41fb-aa74-574881be8415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27620", "type": "seen", "source": "https://t.me/cibsecurity/47478", "content": "\u203c CVE-2022-27620 \u203c\n\nImproper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-03T07:18:28.000000Z"}, {"uuid": "feeca9a8-bd72-4ffe-b3f9-f093e4b6c8eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27629", "type": "seen", "source": "https://t.me/cibsecurity/41161", "content": "\u203c CVE-2022-27629 \u203c\n\nCross-site request forgery (CSRF) vulnerability in 'MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership' versions prior to 1.9.6 allows a remote unauthenticated attacker to hijack the authentication of an administrator and perform unintended operation via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T07:25:05.000000Z"}]}