{"vulnerability": "CVE-2022-3807", "sightings": [{"uuid": "7ba861f0-fe91-4b09-8b17-8446e4fa280e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38074", "type": "seen", "source": "https://t.me/cibsecurity/59903", "content": "\u203c CVE-2022-38074 \u203c\n\nSQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-13T17:23:31.000000Z"}, {"uuid": "0177c961-70bb-48ec-a0dd-ccbe97d7ab43", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-38076", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "1349122f-3a4d-4bb8-9683-7de6299c91c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38072", "type": "seen", "source": "Telegram/wgl10yV81s_Pdad3jmQWcoyd9QikwgVZ_rDHgWgT2NQFWQ", "content": "", "creation_timestamp": "2023-04-03T22:19:33.000000Z"}, {"uuid": "798b3694-13f8-485d-9f41-cd1d669ea2b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38077", "type": "seen", "source": "https://t.me/cibsecurity/61008", "content": "\u203c CVE-2022-38077 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything \u2013 A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T16:15:28.000000Z"}, {"uuid": "8b3d7ae7-c061-42bf-a5d9-b90b5517af1b", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38072", "type": "seen", "source": "https://t.me/cibsecurity/61335", "content": "\u203c CVE-2022-38072 \u203c\n\nAn improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-23T09:20:05.000000Z"}, {"uuid": "985bd21e-068d-45a5-8b08-654134f4b7b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38075", "type": "seen", "source": "https://t.me/cibsecurity/53161", "content": "\u203c CVE-2022-38075 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin <= 0.13 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T22:29:33.000000Z"}, {"uuid": "b26dca7b-f217-429b-8bd6-49fd992ba942", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38073", "type": "seen", "source": "https://t.me/cibsecurity/50245", "content": "\u203c CVE-2022-38073 \u203c\n\nMultiple Authenticated (custom specific plugin role) Persistent Cross-Site Scripting (XSS) vulnerability in Awesome Support plugin <= 6.0.7 at WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T00:46:19.000000Z"}, {"uuid": "6f0cd956-8193-4e65-b6a4-f55615ec49b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"CVE-2022-38078", "type": "seen", "source": "https://t.me/cibsecurity/48635", "content": "\u203c CVE-2022-38078 \u203c\n\nMovable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-24T12:22:30.000000Z"}, {"uuid": "6747f717-a5c8-4976-9663-bcefc51c645c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38072", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8061", "content": "#exploit\n1. CVE-2022-38072:\nBuffer overflow vulnerability in ADMesh library\nhttps://www.talosintelligence.com/vulnerability_reports/TALOS-2022-1594\n\n2. CVE-2023-0656:\nSonicWall SSL-VPN Out Of Bounds Write DoS\nhttps://ssd-disclosure.com/ssd-advisory-sonicwall-out-of-bounds-write-dos", "creation_timestamp": "2023-04-05T11:03:01.000000Z"}]}