{"vulnerability": "CVE-2022-40146", "sightings": [{"uuid": "acab0d6b-1304-4194-ba2d-dec1dbf15699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "https://t.me/proxy_bar/1130", "content": "CVE-2022-40146 exploit\nHoles in the default security controls of Apache Batik \u2014 SSRF and RCE via remote class loading\nWhat da fuck is this ?  Read \n\n#apache #rce #java", "creation_timestamp": "2022-11-01T10:22:32.000000Z"}, {"uuid": "c08ee595-20a3-4bfc-8e8d-cf8e7dce47bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "Telegram/fAWPAqiGGmiCioZoRRJUTpS-505alyTv3gMvgAepMoyqmv8", "content": "", "creation_timestamp": "2022-11-09T03:50:02.000000Z"}, {"uuid": "6de3e2fd-954b-4ea1-a1c7-b4208571445d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "seen", "source": "https://t.me/cibsecurity/50266", "content": "\u203c CVE-2022-40146 \u203c\n\nServer-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. 
This issue affects Apache XML Graphics Batik 1.14.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-22T18:12:19.000000Z"}, {"uuid": "5cb3d1c0-caa6-487f-a0c4-1268c36c7357", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/583", "content": "CVE-2022-40146 : Apache XML Graphics Batik 1.14 - Server-Side Request Forgery & RCE\nPOC : https://github.com/cckuailong/CVE-2022-40146_Exploit_Jar", "creation_timestamp": "2022-11-14T21:29:01.000000Z"}, {"uuid": "3ba4ad78-bcb0-4c55-b084-3d9608dcfdc8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/1319", "content": "", "creation_timestamp": "2022-11-01T15:16:16.000000Z"}, {"uuid": "6053640f-6fc6-4d31-8549-2f6364f16f6c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40146", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/7094", "content": "#exploit\n1. CVE-2022-38398, CVE-2022-40146:\nVulnerabilities in Apache Batik Default Security Controls - SSRF/RCE Through Remote Class Loading\nhttps://www.zerodayinitiative.com/blog/2022/10/28/vulnerabilities-in-apache-batik-default-security-controls-ssrf-and-rce-through-remote-class-loading\n\n2. CVE-2022-0739:\nSQLI BookingPress <1.0.11 - Unauth SQL Injection\nhttps://github.com/Chris01s/CVE-2022-0739", "creation_timestamp": "2022-11-03T11:05:13.000000Z"}]}