{"vulnerability": "CVE-2022-4755", "sightings": [{"uuid": "3c02775b-3d70-4b62-a345-755a7d677194", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47559", "type": "seen", "source": "https://t.me/cibsecurity/70730", "content": "\u203c CVE-2022-47559 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Lack of device control over web requests in ekorCCP and ekorRCI, allowing an attacker to create customised requests to execute malicious actions when a user is logged in, affecting availability, privacy and integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T18:29:31.000000Z"}, {"uuid": "edabc1cf-b4df-40d9-b4fe-28e1fddd3ac3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47554", "type": "seen", "source": "https://t.me/cibsecurity/70711", "content": "\u203c CVE-2022-47554 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Exposure of sensitive information in ekorCCP and ekorRCI, potentially allowing a remote attacker to obtain critical information from various .xml files, including .xml files containing credentials, without being authenticated within the web server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T16:29:17.000000Z"}, {"uuid": "0bd964ad-37fe-4c08-b200-5bbb5f26a330", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47557", "type": "seen", "source": "https://t.me/cibsecurity/70710", "content": "\u203c CVE-2022-47557 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Vulnerability in ekorCCP and ekorRCI that could allow an attacker with access to the network where the device is located to decrypt the credentials of privileged users, and subsequently gain access to the system to perform malicious actions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T16:29:16.000000Z"}, {"uuid": "7229b1ed-2782-450a-9374-ca0bb74ee691", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47556", "type": "seen", "source": "https://t.me/cibsecurity/70717", "content": "\u203c CVE-2022-47556 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Uncontrolled resource consumption in ekorRCI, allowing an attacker with low-privileged access to the web server to send continuous legitimate web requests to a functionality that is not properly validated, in order to cause a denial of service (DoS) on the device.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T16:29:24.000000Z"}, {"uuid": "94893561-ee02-4dbf-8b7c-7ab35a41303a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47558", "type": "seen", "source": "https://t.me/cibsecurity/70716", "content": "\u203c CVE-2022-47558 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T16:29:23.000000Z"}, {"uuid": "64155c2b-4e0e-43b2-8ec4-5e0488fcb20f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47555", "type": "seen", "source": "https://t.me/cibsecurity/70714", "content": "\u203c CVE-2022-47555 \u203c\n\n** UNSUPPPORTED WHEN ASSIGNED ** Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-09-19T16:29:21.000000Z"}, {"uuid": "1a755c42-04d0-4d24-a2e6-9319282328a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4755", "type": "seen", "source": "https://t.me/cibsecurity/55387", "content": "\u203c CVE-2022-4755 \u203c\n\nA vulnerability was found in FlatPress and classified as problematic. This issue affects the function main of the file fp-plugins/mediamanager/panels/panel.mediamanager.file.php of the component Media Manager Plugin. The manipulation of the argument mm-newgallery-name leads to cross site scripting. The attack may be initiated remotely. The name of the patch is d3f329496536dc99f9707f2f295d571d65a496f5. It is recommended to apply a patch to fix this issue. The identifier VDB-216869 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-27T12:24:59.000000Z"}, {"uuid": "d4025559-59f5-4ad6-8d2e-2c4207121dd0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-47551", "type": "seen", "source": "https://t.me/cibsecurity/54944", "content": "\u203c CVE-2022-47551 \u203c\n\nApiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-20T02:11:56.000000Z"}]}