{"vulnerability": "CVE-2022-3060", "sightings": [{"uuid": "0b13f820-58b5-42f7-b278-a0fb02666849", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-30601", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0252/", "content": "", "creation_timestamp": "2026-03-09T00:00:00.000000Z"}, {"uuid": "5cc2b524-8f57-4659-91d5-320bd46840d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30605", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11879", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-30605\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.\n\ud83d\udccf Published: 2022-08-22T18:24:29.434Z\n\ud83d\udccf Modified: 2025-04-15T18:51:31.163Z\n\ud83d\udd17 References:\n1. https://github.com/WWBN/AVideo/blob/e04b1cd7062e16564157a82bae389eedd39fa088/updatedb/updateDb.v12.0.sql\n2. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1535", "creation_timestamp": "2025-04-15T18:54:47.000000Z"}, {"uuid": "8891db90-0cf8-4450-ba48-4c2869c61f68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30607", "type": "seen", "source": "https://t.me/cibsecurity/44748", "content": "\u203c CVE-2022-30607 \u203c\n\nIBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-17T20:22:57.000000Z"}, {"uuid": "d8bdd55a-6e58-4ba8-8d50-3f97fb24bce7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3060", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16157", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3060\n\ud83d\udd25 CVSS Score: 7.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n\ud83d\udd39 Description: Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-13T16:19:52.449Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/365427\n2. https://hackerone.com/reports/1600343\n3. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json", "creation_timestamp": "2025-05-13T16:30:36.000000Z"}, {"uuid": "937191dd-f5a9-4a01-893a-cc5a831cad51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30603", "type": "seen", "source": "https://t.me/cibsecurity/52033", "content": "\u203c CVE-2022-30603 \u203c\n\nAn OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-25T20:27:02.000000Z"}, {"uuid": "09f4007d-9901-40de-b515-785c168bfe79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30604", "type": "seen", "source": "https://t.me/cibsecurity/48337", "content": "\u203c CVE-2022-30604 \u203c\n\nCross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-18T12:41:24.000000Z"}, {"uuid": "51bcdab5-ead7-48fb-a7ad-3d7543c131c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30601", "type": "seen", "source": "https://t.me/cibsecurity/48416", "content": "\u203c CVE-2022-30601 \u203c\n\nInsufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-19T00:23:03.000000Z"}, {"uuid": "6de3ab66-ef51-4cd7-aac5-696ea58b7600", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30600", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6904", "content": "#exploit\n1. CVE-2022-40140, CVE-2022-41082:\n\"ProxyNotShell\"\nhttps://github.com/LivingFree8/CVE-2022-41082-RCE-POC\n\n2. CVE-2022-30600:\nMoodle Failed Login\nhttps://github.com/Boonjune/POC-CVE-2022-30600\n\n3. A kernel exploit leveraging NtUserHardErrorControl to elevate a thread to KernelMode and achieve arbitrary kernel R/W\nhttps://github.com/SecIdiot/ANGRYORCHARD", "creation_timestamp": "2022-12-21T04:56:56.000000Z"}, {"uuid": "db68b244-520e-4ffa-ad94-fc888464148e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-30600", "type": "seen", "source": "https://t.me/cibsecurity/42952", "content": "\u203c CVE-2022-30600 \u203c\n\nA flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-18T22:28:44.000000Z"}]}