{"vulnerability": "CVE-2022-40635", "sightings": [{"uuid": "546d066a-4bf1-49b0-9243-76d91e50fe54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40635", "type": "seen", "source": "https://t.me/arpsyndicate/878", "content": "#ExploitObserverAlert\n\nCVE-2022-40635\n\nDESCRIPTION: Exploit Observer has 1 entries related to CVE-2022-40635. Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.\n\nFIRST-EPSS: 0.000890000\nNVD-IS: 5.9\nNVD-ES: 1.2", "creation_timestamp": "2023-12-02T02:08:10.000000Z"}, {"uuid": "51fbb924-4ad0-497a-a101-e71e309e12ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40635", "type": "seen", "source": "https://t.me/cibsecurity/49699", "content": "\u203c CVE-2022-40635 \u203c\n\nImproper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-13T22:31:41.000000Z"}, {"uuid": "b202665b-ecb7-4431-909e-6ad9699586de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40635", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1632", "content": "https://github.com/mbadanoiu/CVE-2022-40635\n\n#github", "creation_timestamp": "2023-12-02T07:54:50.000000Z"}, {"uuid": "dac5e563-d6b8-4b15-b133-38179a919889", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40635", "type": "seen", "source": 
"https://t.me/CyberSecurityTechnologies/9503", "content": "#exploit\n1. CVE-2022-40635:\nGroovy Sandbox Bypass in CrafterCMS\nhttps://github.com/mbadanoiu/CVE-2022-40635\n\n2. CVE-2023-26049:\nCookie Bugs - Smuggling & Injection\nhttps://blog.ankursundara.com/cookie-bugs\n\n3. CVE-2023-47503:\nJfinal_ CMS V5.1.0 has login.jsp written to RCE\nhttps://github.com/jflyfox/jfinal_cms/issues/58", "creation_timestamp": "2024-03-20T05:07:42.000000Z"}, {"uuid": "26d046e1-903d-4e7e-9de5-908e4c2a28ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40635", "type": "seen", "source": "https://t.me/Rootsec_2/2174", "content": "#exploit\n1. CVE-2022-40635:\nGroovy Sandbox Bypass in CrafterCMS\nhttps://github.com/mbadanoiu/CVE-2022-40635\n\n2. CVE-2023-26049:\nCookie Bugs - Smuggling & Injection\nhttps://blog.ankursundara.com/cookie-bugs", "creation_timestamp": "2024-08-16T08:55:30.000000Z"}]}