{"vulnerability": "CVE-2022-2577", "sightings": [{"uuid": "6e20522b-9d05-4b19-9c77-12b7de041c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25773", "type": "seen", "source": "https://bsky.app/profile/druid.fi/post/3lj33ptmzfc2z", "content": "", "creation_timestamp": "2025-02-26T09:44:34.954416Z"}, {"uuid": "dadbe3d3-fbf0-435c-a8a7-3183f9ff6c91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25773", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/5485", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-25773\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\ud83d\udd39 Description: This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server.\n\n  *  Improper Limitation of a Pathname to a Restricted Directory:\u00a0A vulnerability exists in the asset upload functionality that allows users to upload files to directories outside of the intended temporary directory.\n\ud83d\udccf Published: 2025-02-26T11:48:33.383Z\n\ud83d\udccf Modified: 2025-02-26T11:56:45.572Z\n\ud83d\udd17 References:\n1. https://github.com/mautic/mautic/security/advisories/GHSA-4w2w-36vm-c8hf", "creation_timestamp": "2025-02-26T12:31:54.000000Z"}, {"uuid": "ca2ff8f2-5b97-42db-bd82-d8fcf4a5e766", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25777", "type": "seen", "source": "Telegram/URMNNxIV8_RjB83lFK5_xr5AlTUqX4KtVADidaTdXhDz47Eu", "content": "", "creation_timestamp": "2025-03-02T11:44:19.000000Z"}, {"uuid": "eef31c68-4127-4416-be27-f6f7caeeca0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2577", "type": "seen", "source": "https://t.me/cibsecurity/47268", "content": "\u203c CVE-2022-2577 \u203c\n\nA vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2'%20UNION%20select%2011,user(),333,444--+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-29T20:13:43.000000Z"}, {"uuid": "5c45e0d1-1dfb-4734-a49e-1dc85d3d1892", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25770", "type": "seen", "source": "https://t.me/cvedetector/6036", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-25770 - Mautic Upgrade Script Remote Code Execution\", \n  \"Content\": \"CVE ID : CVE-2022-25770 \nPublished : Sept. 18, 2024, 10:15 p.m. | 39\u00a0minutes ago \nDescription : Mautic allows you to update the application via an upgrade script.  \n  \nThe upgrade logic isn't shielded off correctly, which may lead to vulnerable situation.  \n  \nThis vulnerability is mitigated by the fact that Mautic needs to be installed in a certain way to be vulnerable. \nSeverity: 7.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T01:07:06.000000Z"}, {"uuid": "f57b6dbc-231b-4581-9613-49abad853aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25777", "type": "seen", "source": "https://t.me/cvedetector/5999", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-25777 - Mautic SSRF Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-25777 \nPublished : Sept. 18, 2024, 4:15 p.m. | 41\u00a0minutes ago \nDescription : Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"18 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-18T19:15:43.000000Z"}, {"uuid": "c004fc9c-efa9-4e6f-8775-18a01fe2524b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25772", "type": "seen", "source": "https://t.me/cibsecurity/44823", "content": "\u203c CVE-2022-25772 \u203c\n\nA cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-20T16:28:15.000000Z"}]}