{"vulnerability": "CVE-2022-4099", "sightings": [{"uuid": "e9fbb563-02bb-49cb-8fa2-e9a340a30538", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40994", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9396", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40994\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall keyword WORD description (WORD|null)' command template.\n\ud83d\udccf Published: 2023-01-26T21:24:38.340Z\n\ud83d\udccf Modified: 2025-03-28T16:08:53.111Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613", "creation_timestamp": "2025-03-28T16:28:07.000000Z"}, {"uuid": "3d33acb7-1800-4d3f-8729-7c646e4ceacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4099", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/11308", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4099\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection\n\ud83d\udccf Published: 2023-01-02T21:49:32.669Z\n\ud83d\udccf Modified: 2025-04-10T18:39:36.591Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a282dd39-926d-406b-b8f5-e4c6e0c2c028", "creation_timestamp": "2025-04-10T18:49:25.000000Z"}, {"uuid": "08c29821-00da-4326-8169-34609a5ec263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40992", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9394", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40992\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no firmwall domain WORD description (WORD|null)' command template.\n\ud83d\udccf Published: 2023-01-26T21:24:38.180Z\n\ud83d\udccf Modified: 2025-03-28T16:11:11.483Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613", "creation_timestamp": "2025-03-28T16:28:02.000000Z"}, {"uuid": "258750a5-8bfb-4ffb-aec8-73f647ac9d5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-40993", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/9395", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-40993\n\ud83d\udd25 CVSS Score: 7.2 (cvssV3_0, Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'firmwall keyword WORD description (WORD|null)' command template.\n\ud83d\udccf Published: 2023-01-26T21:24:38.262Z\n\ud83d\udccf Modified: 2025-03-28T16:10:13.760Z\n\ud83d\udd17 References:\n1. https://talosintelligence.com/vulnerability_reports/TALOS-2022-1613", "creation_timestamp": "2025-03-28T16:28:06.000000Z"}, {"uuid": "ed4a1fa7-4f33-4d99-98b1-d318f67a11fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4099", "type": "seen", "source": "https://t.me/cibsecurity/55762", "content": "\u203c CVE-2022-4099 \u203c\n\nThe Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parameters before using them in SQL statements accessible to unauthenticated users, leading to unauthenticated SQL injection\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-03T00:17:01.000000Z"}]}