{"vulnerability": "CVE-2022-2424", "sightings": [{"uuid": "e60f3e50-67e4-4e68-9b53-1bc5525371c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2424", "type": "seen", "source": "https://t.me/cibsecurity/47730", "content": "\u203c CVE-2022-2424 \u203c\n\nThe Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-08T18:23:40.000000Z"}, {"uuid": "8c2cd042-9d1f-4484-957e-8b80a7bc79fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24240", "type": "seen", "source": "https://t.me/cibsecurity/43675", "content": "\u203c CVE-2022-24240 \u203c\n\nACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-02T18:31:46.000000Z"}, {"uuid": "374e1cea-72a0-4941-8b31-f2834a340cc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24247", "type": "seen", "source": "https://t.me/cibsecurity/40608", "content": "\u203c CVE-2022-24247 \u203c\n\nRiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to overwrite any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to write) resulting a remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T16:16:50.000000Z"}, {"uuid": "d51e5f1a-ef64-4790-93d5-e51a256c0237", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24248", "type": "seen", "source": "https://t.me/cibsecurity/40612", "content": "\u203c CVE-2022-24248 \u203c\n\nRiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-12T16:21:51.000000Z"}, {"uuid": "0c8b9d84-fe5f-4c04-9dbb-2124891409b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24249", "type": "seen", "source": "https://t.me/cibsecurity/36871", "content": "\u203c CVE-2022-24249 \u203c\n\nA Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T22:36:24.000000Z"}]}