https://vulnerability.circl.lu Contains only the most 10 recent sightings. http://www.rssboard.org/rss-specification python-feedgen en Sun, 10 May 2026 05:42:30 +0000 https://vulnerability.circl.lu/sighting/17996480-d548-41a1-82f7-077768a5f7f3/export {"uuid": "17996480-d548-41a1-82f7-077768a5f7f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28062", "type": "seen", "source": "https://t.me/cibsecurity/40108", "content": "\u203c CVE-2022-28062 \u203c\n\nCar Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T18:27:53.000000Z"} {"uuid": "17996480-d548-41a1-82f7-077768a5f7f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28062", "type": "seen", "source": "https://t.me/cibsecurity/40108", "content": "\u203c CVE-2022-28062 \u203c\n\nCar Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-04T18:27:53.000000Z"} https://vulnerability.circl.lu/sighting/17996480-d548-41a1-82f7-077768a5f7f3/export Mon, 04 Apr 2022 18:27:53 +0000 https://vulnerability.circl.lu/sighting/a735e215-8ae5-4657-a16c-fc4060383fba/export {"uuid": "a735e215-8ae5-4657-a16c-fc4060383fba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28062", "type": "published-proof-of-concept", "source": "https://t.me/ShizoPrivacy/249", "content": "|CVE-2022-28062|\nCar Rental System Unrestricted File Upload + RCE\n\n\ud83d\ude98\u0412 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u0440\u043e\u043a\u0430\u0442\u0430 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 Car Rental System v1.0( WordPress \u043f\u043b\u0430\u0433\u0438\u043d) \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f \"AddCar\", \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b. \u0427\u0442\u043e \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0432\u0435\u0431\u0448\u0435\u043b\u043b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \n\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044e PoC \u043d\u0438\u0436\u0435.\nPoC(Github)\n\n\ud83d\ude98In the Car Rental System v1.0 (WordPress plugin), a vulnerability was found in the \"addCar\" function of adding a car, which allows anyone to upload an arbitrary file. Which subsequently enables the attacker to download the webshell and execute arbitrary code.\nI attach the PoC below.\nPoC(Github)\n\n#cve #poc", "creation_timestamp": "2022-04-04T19:50:41.000000Z"} {"uuid": "a735e215-8ae5-4657-a16c-fc4060383fba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28062", "type": "published-proof-of-concept", "source": "https://t.me/ShizoPrivacy/249", "content": "|CVE-2022-28062|\nCar Rental System Unrestricted File Upload + RCE\n\n\ud83d\ude98\u0412 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u043f\u0440\u043e\u043a\u0430\u0442\u0430 \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u0435\u0439 Car Rental System v1.0( WordPress \u043f\u043b\u0430\u0433\u0438\u043d) \u0431\u044b\u043b\u0430 \u043d\u0430\u0439\u0434\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0430\u0432\u0442\u043e\u043c\u043e\u0431\u0438\u043b\u044f \"AddCar\", \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043b\u044e\u0431\u043e\u043c\u0443 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u0444\u0430\u0439\u043b. \u0427\u0442\u043e \u0432\u043f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u0438 \u0434\u0430\u0451\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u043c\u0443 \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c \u0432\u0435\u0431\u0448\u0435\u043b\u043b \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434. \n\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u044b\u0432\u0430\u044e PoC \u043d\u0438\u0436\u0435.\nPoC(Github)\n\n\ud83d\ude98In the Car Rental System v1.0 (WordPress plugin), a vulnerability was found in the \"addCar\" function of adding a car, which allows anyone to upload an arbitrary file. Which subsequently enables the attacker to download the webshell and execute arbitrary code.\nI attach the PoC below.\nPoC(Github)\n\n#cve #poc", "creation_timestamp": "2022-04-04T19:50:41.000000Z"} https://vulnerability.circl.lu/sighting/a735e215-8ae5-4657-a16c-fc4060383fba/export Mon, 04 Apr 2022 19:50:41 +0000