{"vulnerability": "CVE-2022-4438", "sightings": [{"uuid": "bc0135bc-13bb-48be-96a1-3c819b316724", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44384", "type": "seen", "source": "https://t.me/cibsecurity/53083", "content": "\u203c CVE-2022-44384 \u203c\n\nAn arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T20:18:08.000000Z"}, {"uuid": "2c2ab3c5-0cbc-4439-916b-2a3379bf98cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44384", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/rconfig_vendors_auth_file_upload_rce.rb", "content": "", "creation_timestamp": "2021-06-24T15:51:21.000000Z"}, {"uuid": "f15a3882-c9a5-4815-bb4c-be332c66a29d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44384", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13838", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-44384\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in rconfig v3.9.6 allows attackers to execute arbitrary code via a crafted PHP file.\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T14:53:39.852Z\n\ud83d\udd17 References:\n1. https://www.exploit-db.com/exploits/49783", "creation_timestamp": "2025-04-29T15:11:46.000000Z"}, {"uuid": "683e4786-2502-4c48-b76f-8202498f5738", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44384", "type": "seen", "source": "MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7", "content": "", "creation_timestamp": "2025-10-23T21:13:00.000000Z"}, {"uuid": "9796cb09-47b6-414b-ba97-07cabaddb083", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44380", "type": "seen", "source": "https://t.me/cibsecurity/55293", "content": "\u203c CVE-2022-44380 \u203c\n\nSnipe-IT before 6.0.14 is vulnerable to Cross Site Scripting (XSS) for View Assigned Assets.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:46.000000Z"}, {"uuid": "34dc0749-4e8b-41a7-ae20-3809019c2a89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-44381", "type": "seen", "source": "https://t.me/cibsecurity/55296", "content": "\u203c CVE-2022-44381 \u203c\n\nSnipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-25T07:39:49.000000Z"}]}