{"vulnerability": "CVE-2022-28117", "sightings": [{"uuid": "9df8fa9e-dda9-4475-81da-eb3dc4644a51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28117", "type": "seen", "source": "https://t.me/cibsecurity/41584", "content": "\u203c CVE-2022-28117 \u203c\n\nA Server-Side Request Forgery (SSRF) in feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-28T18:24:29.000000Z"}, {"uuid": "aeaacea5-c870-4f70-a591-ffc8a7d0fd18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28117", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6317", "content": "#exploit\n1. CVE-2022-28219:\nUnauthenticated XXE to RCE and Domain Compromise in Zoho ManageEngine ADAudit Plus\nhttps://www.horizon3.ai/red-team-blog-cve-2022-28219\n\n2. CVE-2022-28117:\nNavigate CMS <= 2.9.4 - Server-Side Request Forgery (Authenticated)\nhttps://github.com/cheshireca7/CVE-2022-28117\n\n3. PDF Exploit\nhttps://github.com/CodiumAlgorithm/Silent-PDF-Exploit-Builder-2022---PDF-Exploits", "creation_timestamp": "2022-07-04T18:06:11.000000Z"}, {"uuid": "b07c099d-4636-460a-8d2d-8ec94d61c45c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28117", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/2197", "content": "#exploit\n + CVE-2022-28219:\nUnauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus\nhttps://www.horizon3.ai/red-team-blog-cve-2022-28219\n\n + CVE-2022-28117:\nNavigate CMS <= 2.9.4 - Server-Side Request Forgery (Authenticated)\nhttps://github.com/cheshireca7/CVE-2022-28117\n\n+ PDF Exploit\nhttps://github.com/CodiumAlgorithm/Silent-PDF-Exploit-Builder-2022---PDF-Exploits\n\n@BlueRedTeam", "creation_timestamp": "2022-07-02T13:03:19.000000Z"}, {"uuid": "2d8719cf-d082-490b-a756-fc60451224c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28117", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9666", "content": "#exploit\n1. CVE-2023-46359/CVE-2023-46360:\nOS Command Injection in cPH2 Charging Station <2.0\nhttps://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360\n\n2. WebKit Exploit for PS4 6.x-9.6 / PS5 1.x-5.x\nhttps://github.com/kmeps4/PSFree\n\n3. CVE-2022-28117:\nSSRF in feed_parser class of Navigate CMS v2.9.4\nhttps://github.com/kimstars/POC-CVE-2022-28117", "creation_timestamp": "2024-01-03T20:41:00.000000Z"}]}