{"vulnerability": "CVE-2022-4718", "sightings": [{"uuid": "ee9f1c2d-6915-426d-a372-e265098ca25e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47182", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113646223789590363", "content": "", "creation_timestamp": "2024-12-13T15:29:17.107262Z"}, {"uuid": "683f008e-39e4-40b7-8f3f-e8de6e389a3a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47187", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2163", "content": "Thunderstorm is a modular framework to exploit UPS devices.  For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.\n  CVE  Thunderstorm is currently capable of exploiting the following CVE:    CVE-2022-47186 \u2013 Unrestricted file Upload # [CS-141]  CVE-2022-47187 \u2013 Cross-Site Scripting via File upload # [CS-141]  CVE-2022-47188 \u2013 Arbitrary local file read via file upload # [CS-141]  CVE-2022-47189 \u2013 Denial of Service via file upload # [CS-141]  CVE-2022-47190 \u2013 Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) via file upload # [CS-141]  CVE-2022-47191 \u2013 Privilege Escalation (https://www.kitploit.com/search/label/Privilege%20Escalation) via file upload # [CS-141]  CVE-2022-47192 \u2013 Admin password reset via file upload # [CS-141]  CVE-2022-47891 \u2013 Admin password reset # [NetMan 204]  CVE-2022-47892 \u2013 Sensitive Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) # [NetMan 204]  CVE-2022-47893 \u2013 Remote Code Execution via file upload # [NetMan 204]    Requirements    Python 3  Install requirements.txt    Download  It is recommended to clone the complete 
repository or download the zip file.  You can do this by running the following command:  git clone https://github.com/JoelGMSec/Thunderstorm\n  Also, you probably need to download the original and the custom firmware.  You can download all requirements from here:  https://darkbyte.net/links/thunderstorm.php  Usage  - To be disclosed\n\n  The detailed guide of use can be found at the following link:    To be disclosed    License  This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.  Credits and Acknowledgments  This tool has been created and designed from scratch by Joel G\u00e1mez Molina // @JoelGMSec  Contact  This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.  For more information, you can find me on Twitter as @JoelGMSec (https://twitter.com/JoelGMSec) and on my blog darkbyte.net (https://darkbyte.net/).  \n\nDownload Thunderstorm (https://github.com/JoelGMSec/Thunderstorm)", "creation_timestamp": "2023-03-06T18:07:35.000000Z"}, {"uuid": "8638f7d4-1cbe-4209-a6bf-b93925408fcb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47189", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2163", "content": "Thunderstorm is a modular framework to exploit UPS devices.  For now, only the CS-141 and NetMan 204 exploits will be available. 
The beta version of the framework will be released on the future.\n  CVE  Thunderstorm is currently capable of exploiting the following CVE:    CVE-2022-47186 \u2013 Unrestricted file Upload # [CS-141]  CVE-2022-47187 \u2013 Cross-Site Scripting via File upload # [CS-141]  CVE-2022-47188 \u2013 Arbitrary local file read via file upload # [CS-141]  CVE-2022-47189 \u2013 Denial of Service via file upload # [CS-141]  CVE-2022-47190 \u2013 Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) via file upload # [CS-141]  CVE-2022-47191 \u2013 Privilege Escalation (https://www.kitploit.com/search/label/Privilege%20Escalation) via file upload # [CS-141]  CVE-2022-47192 \u2013 Admin password reset via file upload # [CS-141]  CVE-2022-47891 \u2013 Admin password reset # [NetMan 204]  CVE-2022-47892 \u2013 Sensitive Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) # [NetMan 204]  CVE-2022-47893 \u2013 Remote Code Execution via file upload # [NetMan 204]    Requirements    Python 3  Install requirements.txt    Download  It is recommended to clone the complete repository or download the zip file.  You can do this by running the following command:  git clone https://github.com/JoelGMSec/Thunderstorm\n  Also, you probably need to download the original and the custom firmware.  You can download all requirements from here:  https://darkbyte.net/links/thunderstorm.php  Usage  - To be disclosed\n\n  The detailed guide of use can be found at the following link:    To be disclosed    License  This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.  Credits and Acknowledgments  This tool has been created and designed from scratch by Joel G\u00e1mez Molina // @JoelGMSec  Contact  This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. 
I am not responsible for its misuse or for any possible damage caused by it.  For more information, you can find me on Twitter as @JoelGMSec (https://twitter.com/JoelGMSec) and on my blog darkbyte.net (https://darkbyte.net/).  \n\nDownload Thunderstorm (https://github.com/JoelGMSec/Thunderstorm)", "creation_timestamp": "2023-03-06T18:07:35.000000Z"}, {"uuid": "9a4f1b34-5f69-4e40-817e-b18a6693bee0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47188", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2163", "content": "Thunderstorm is a modular framework to exploit UPS devices.  For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future.\n  CVE  Thunderstorm is currently capable of exploiting the following CVE:    CVE-2022-47186 \u2013 Unrestricted file Upload # [CS-141]  CVE-2022-47187 \u2013 Cross-Site Scripting via File upload # [CS-141]  CVE-2022-47188 \u2013 Arbitrary local file read via file upload # [CS-141]  CVE-2022-47189 \u2013 Denial of Service via file upload # [CS-141]  CVE-2022-47190 \u2013 Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) via file upload # [CS-141]  CVE-2022-47191 \u2013 Privilege Escalation (https://www.kitploit.com/search/label/Privilege%20Escalation) via file upload # [CS-141]  CVE-2022-47192 \u2013 Admin password reset via file upload # [CS-141]  CVE-2022-47891 \u2013 Admin password reset # [NetMan 204]  CVE-2022-47892 \u2013 Sensitive Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) # [NetMan 204]  CVE-2022-47893 \u2013 Remote Code Execution via file upload # [NetMan 204]    Requirements    Python 3  Install requirements.txt    Download  It is recommended to clone the complete repository or download the zip file.  
You can do this by running the following command:  git clone https://github.com/JoelGMSec/Thunderstorm\n  Also, you probably need to download the original and the custom firmware.  You can download all requirements from here:  https://darkbyte.net/links/thunderstorm.php  Usage  - To be disclosed\n\n  The detailed guide of use can be found at the following link:    To be disclosed    License  This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.  Credits and Acknowledgments  This tool has been created and designed from scratch by Joel G\u00e1mez Molina // @JoelGMSec  Contact  This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. I am not responsible for its misuse or for any possible damage caused by it.  For more information, you can find me on Twitter as @JoelGMSec (https://twitter.com/JoelGMSec) and on my blog darkbyte.net (https://darkbyte.net/).  \n\nDownload Thunderstorm (https://github.com/JoelGMSec/Thunderstorm)", "creation_timestamp": "2023-03-06T18:07:35.000000Z"}, {"uuid": "82eb5a42-3ff5-4aa7-bf1e-6a42662b6d59", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47186", "type": "published-proof-of-concept", "source": "https://t.me/ETHICALHACKERSCOMMUNITY2/2163", "content": "Thunderstorm is a modular framework to exploit UPS devices.  For now, only the CS-141 and NetMan 204 exploits will be available. 
The beta version of the framework will be released on the future.\n  CVE  Thunderstorm is currently capable of exploiting the following CVE:    CVE-2022-47186 \u2013 Unrestricted file Upload # [CS-141]  CVE-2022-47187 \u2013 Cross-Site Scripting via File upload # [CS-141]  CVE-2022-47188 \u2013 Arbitrary local file read via file upload # [CS-141]  CVE-2022-47189 \u2013 Denial of Service via file upload # [CS-141]  CVE-2022-47190 \u2013 Remote Code Execution (https://www.kitploit.com/search/label/Remote%20Code%20Execution) via file upload # [CS-141]  CVE-2022-47191 \u2013 Privilege Escalation (https://www.kitploit.com/search/label/Privilege%20Escalation) via file upload # [CS-141]  CVE-2022-47192 \u2013 Admin password reset via file upload # [CS-141]  CVE-2022-47891 \u2013 Admin password reset # [NetMan 204]  CVE-2022-47892 \u2013 Sensitive Information Disclosure (https://www.kitploit.com/search/label/Information%20Disclosure) # [NetMan 204]  CVE-2022-47893 \u2013 Remote Code Execution via file upload # [NetMan 204]    Requirements    Python 3  Install requirements.txt    Download  It is recommended to clone the complete repository or download the zip file.  You can do this by running the following command:  git clone https://github.com/JoelGMSec/Thunderstorm\n  Also, you probably need to download the original and the custom firmware.  You can download all requirements from here:  https://darkbyte.net/links/thunderstorm.php  Usage  - To be disclosed\n\n  The detailed guide of use can be found at the following link:    To be disclosed    License  This project is licensed under the GNU 3.0 license - see the LICENSE file for more details.  Credits and Acknowledgments  This tool has been created and designed from scratch by Joel G\u00e1mez Molina // @JoelGMSec  Contact  This software does not offer any kind of guarantee. Its use is exclusive for educational environments and / or security audits with the corresponding consent of the client. 
I am not responsible for its misuse or for any possible damage caused by it.  For more information, you can find me on Twitter as @JoelGMSec (https://twitter.com/JoelGMSec) and on my blog darkbyte.net (https://darkbyte.net/).  \n\nDownload Thunderstorm (https://github.com/JoelGMSec/Thunderstorm)", "creation_timestamp": "2023-03-06T18:07:35.000000Z"}, {"uuid": "443d4f62-a44d-4205-9dea-2cb9ba37639d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47187", "type": "seen", "source": "https://t.me/cibsecurity/71195", "content": "\u203c CVE-2022-47187 \u203c\n\nThere is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-17T01:10:29.000000Z"}, {"uuid": "82fa8674-2311-4aef-9ae4-4285018847ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47185", "type": "seen", "source": "https://t.me/cibsecurity/68077", "content": "\u203c CVE-2022-47185 \u203c\n\nImproper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-09T12:16:29.000000Z"}, {"uuid": "2373f145-17b6-4e47-9ca4-7e59a4c6495a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47184", "type": "seen", "source": "https://t.me/cibsecurity/65226", "content": "\u203c CVE-2022-47184 \u203c\n\nExposure of Sensitive Information to an 
Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-06-14T12:20:40.000000Z"}, {"uuid": "dade4343-7c40-490d-b363-717c09a713f7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47180", "type": "seen", "source": "https://t.me/cibsecurity/64689", "content": "\u203c CVE-2022-47180 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <=\u00a01.3.5 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-24T20:27:07.000000Z"}, {"uuid": "bcf7d708-197d-4659-b2e4-9d97448ff568", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47183", "type": "seen", "source": "https://t.me/cibsecurity/64523", "content": "\u203c CVE-2022-47183 \u203c\n\nCross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <=\u00a00.2.6 versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-22T14:25:36.000000Z"}, {"uuid": "a2a7c2a4-d5cf-4a7e-9c07-d352328a7882", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4718", "type": "seen", "source": "https://t.me/cibsecurity/56848", "content": "\u203c CVE-2022-4718 \u203c\n\nThe Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against 
high privilege users such as admins.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:20.000000Z"}]}