{"vulnerability": "cve-2022-4546", "sightings": [{"uuid": "66bf52f3-9d09-4e85-91a8-4de0b614aaa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45460", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3llcon5pyxx2s", "content": "", "creation_timestamp": "2025-03-26T21:02:08.779094Z"}, {"uuid": "e07f7acc-fd64-4ff2-8d41-65e8bf0bfddf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45460", "type": "seen", "source": "https://mastodon.social/users/hrbrmstr/statuses/115428837324435047", "content": "", "creation_timestamp": "2025-10-24T11:11:24.231113Z"}, {"uuid": "abb286fa-3c0a-4329-9cfd-8a36b1bb68c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45460", "type": "seen", "source": "https://bsky.app/profile/hrbrmstr.mastodon.social.ap.brid.gy/post/3m3wqill5wkv2", "content": "", "creation_timestamp": "2025-10-24T11:12:25.420720Z"}, {"uuid": "1a21af7d-ec80-46f5-b0e0-899e1506bc22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45461", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13816", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45461\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N)\n\ud83d\udd39 Description: The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.\n\ud83d\udccf Published: 2022-11-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-29T13:54:22.295Z\n\ud83d\udd17 References:\n1. https://www.veritas.com/content/support/en_US/security/VTS22-015", "creation_timestamp": "2025-04-29T14:11:44.000000Z"}, {"uuid": "1d37d0ab-f998-4542-8f1d-cafbe18817fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45468", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2247", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45468\n\ud83d\udd39 Description: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\ud83d\udccf Published: 2023-03-21T22:24:37.550Z\n\ud83d\udccf Modified: 2025-01-17T22:05:23.827Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/news-events/ics-advisories/icsa-23-080-05", "creation_timestamp": "2025-01-17T22:57:15.000000Z"}, {"uuid": "94dc13c4-ad46-45f7-b421-ee174cd77776", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4546", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/8401", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4546\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Mapwiz WordPress plugin through 1.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n\ud83d\udccf Published: 2023-02-13T14:32:13.555Z\n\ud83d\udccf Modified: 2025-03-21T18:01:39.660Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/009578b9-016d-49c2-9577-49756c35e1e8\n2. https://bulletin.iese.de/post/mapwiz_1-0-1/", "creation_timestamp": "2025-03-21T18:20:02.000000Z"}, {"uuid": "6bb660ae-31f1-4964-84f6-30a7d322c8ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45460", "type": "seen", "source": "https://t.me/cibsecurity/60985", "content": "\u203c CVE-2022-45460 \u203c\n\nMultiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T02:14:51.000000Z"}, {"uuid": "d55cb3c9-b4a9-4d5f-af5b-44881b207669", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45462", "type": "seen", "source": "https://t.me/cibsecurity/53409", "content": "\u203c CVE-2022-45462 \u203c\n\nAlarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T16:10:17.000000Z"}, {"uuid": "04407174-07a7-40c1-91a7-fcc7850ffc4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45461", "type": "seen", "source": "https://t.me/cibsecurity/53058", "content": "\u203c CVE-2022-45461 \u203c\n\nThe Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-17T16:01:55.000000Z"}, {"uuid": "c2d17fda-494d-4635-a0f5-510ef484da6d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45460", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/11791", "content": "#exploit\n1. CVE-2024-0012/CVE-2024-9474:\nAuth Bypass in PAN-OS Web Interface\nhttps://github.com/dcollaoa/cve-2024-0012-gui-poc\n\n2. CVE-2025-23369:\nGitHub Entreprise Server SAML auth bypass\nhttps://github.com/hakivvi/cve-2025-23369\n\n3. CVE-2022-45460:\nROPing our way to RCE\nhttps://modzero.com/en/blog/roping-our-way-to-rce", "creation_timestamp": "2025-02-09T22:44:51.000000Z"}]}