{"vulnerability": "CVE-2022-4800", "sightings": [{"uuid": "7bd59b4a-9b4f-4288-a5e7-5643f3b474c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48007", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9404", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48007\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.\n\ud83d\udccf Published: 2023-01-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T17:09:26.905Z\n\ud83d\udd17 References:\n1. https://github.com/Piwigo/Piwigo/issues/1835", "creation_timestamp": "2025-03-28T17:28:44.000000Z"}, {"uuid": "689069b0-ad4d-49e2-952c-73b4239ac51a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48008", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/9406", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-48008\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.\n\ud83d\udccf Published: 2023-01-27T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-28T17:08:29.166Z\n\ud83d\udd17 References:\n1. https://github.com/Sakura-501/LimeSurvey-5.4.15-PluginUploadtoRCE", "creation_timestamp": "2025-03-28T17:28:45.000000Z"}, {"uuid": "5d672107-88f8-4356-a9e0-f374bbeabd61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4800", "type": "seen", "source": "https://t.me/cibsecurity/55486", "content": "\u203c CVE-2022-4800 \u203c\n\nImproper Verification of Source of a Communication Channel in GitHub repository usememos/memos prior to 0.9.1.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T16:12:27.000000Z"}, {"uuid": "a368270a-448e-4276-9c55-cdee26f88233", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48008", "type": "seen", "source": "https://t.me/cibsecurity/57074", "content": "\u203c CVE-2022-48008 \u203c\n\nAn arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T20:45:39.000000Z"}, {"uuid": "045da886-948a-4df6-9528-eb0f4266127c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48006", "type": "seen", "source": "https://t.me/cibsecurity/57170", "content": "\u203c CVE-2022-48006 \u203c\n\nAn arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-31T00:43:35.000000Z"}, {"uuid": "80b3d1af-987b-4009-a2b0-96c0a1c215ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-48007", "type": "seen", "source": "https://t.me/cibsecurity/57079", "content": "\u203c CVE-2022-48007 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-27T20:45:45.000000Z"}]}