{"vulnerability": "CVE-2022-3884", "sightings": [{"uuid": "92116953-c3b1-4cd0-833b-8808c8a585be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38840", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lztuw332bz2w", "content": "", "creation_timestamp": "2025-09-27T21:02:27.040100Z"}, {"uuid": "750debb8-4c23-4b4e-8c9c-489a8cf78aa6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38840", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lunw5546422x", "content": "", "creation_timestamp": "2025-07-23T21:02:22.994870Z"}, {"uuid": "54625170-36f7-42c0-ba19-fd295eb7178b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38840", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-38840.yaml", "content": "", "creation_timestamp": "2025-09-24T10:37:35.000000Z"}, {"uuid": "6d6ec0e3-7796-4fd0-913c-b76017deb8d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38840", "type": "seen", "source": "https://t.me/cibsecurity/62259", "content": "\u203c CVE-2022-38840 \u203c\n\ncgi-bin/xmlstatus.cgi in G\u00c3\u00bcralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:28.000000Z"}, {"uuid": "0eafe0d0-fa4c-4dd8-be36-37207908c1e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38841", "type": "seen", "source": "https://t.me/cibsecurity/62256", "content": "\u203c CVE-2022-38841 \u203c\n\nLinksys AX3200 1.1.00 is vulnerable to OS command injection by authenticated users via shell metacharacters to the diagnostics traceroute page.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-16T07:27:25.000000Z"}, {"uuid": "cfa8c7ed-1117-4276-8ea2-e7ddd96c65ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38843", "type": "seen", "source": "https://t.me/cibsecurity/49911", "content": "\u203c CVE-2022-38843 \u203c\n\nEspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload allowing attackers to upload malicious file with any extension to the server. Attacker may execute these malicious files to run unintended code on the server to compromise the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T18:28:51.000000Z"}, {"uuid": "5f8f3bba-ab5d-49ee-ab43-ccdb56d2ac49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3884", "type": "seen", "source": "https://t.me/cibsecurity/59082", "content": "\u203c CVE-2022-3884 \u203c\n\nIncorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-28T07:27:18.000000Z"}, {"uuid": "68009fc9-d128-4649-b7c9-9cfd0a1b1fe9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38846", "type": "seen", "source": "https://t.me/cibsecurity/49910", "content": "\u203c CVE-2022-38846 \u203c\n\nEspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). An attacker may capture the cookie from the insecure channel using MITM attack.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T02:48:14.000000Z"}, {"uuid": "9162dbea-3360-4171-8f36-84b9d0f26cc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38845", "type": "seen", "source": "https://t.me/cibsecurity/49918", "content": "\u203c CVE-2022-38845 \u203c\n\nCross Site Scripting in Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in victim s browser via sending crafted csv file containing malicious JavaScript to authenticated user. Any authenticated user importing the crafted CSV file may end up running the malicious JavaScripting in the browser.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T18:29:00.000000Z"}, {"uuid": "6258db06-c473-41cf-b721-3cfa18962c3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-38844", "type": "seen", "source": "https://t.me/cibsecurity/49917", "content": "\u203c CVE-2022-38844 \u203c\n\nCSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-16T18:28:59.000000Z"}]}