{"vulnerability": "CVE-2022-4157", "sightings": [{"uuid": "a3d41724-5dd7-4cf4-aa92-5dac56e06b79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41573", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf6jqzkhqa2k", "content": "", "creation_timestamp": "2025-01-07T20:52:57.655061Z"}, {"uuid": "ba7911f0-4768-4603-a3e2-e3ab85279446", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41572", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113793519730273207", "content": "", "creation_timestamp": "2025-01-08T15:48:35.570923Z"}, {"uuid": "61b612d2-69f0-41c5-846a-ba006e8e06d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41573", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/113793519806503558", "content": "", "creation_timestamp": "2025-01-08T15:48:36.169354Z"}, {"uuid": "b6e1b07b-cb42-4b17-9cfd-66a516183708", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41572", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113788714578219448", "content": "", "creation_timestamp": "2025-01-07T19:26:34.004318Z"}, {"uuid": "11763ae3-ce04-44ca-a34d-c99fb7da7d83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41573", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113788740810947173", "content": "", "creation_timestamp": "2025-01-07T19:33:15.318015Z"}, {"uuid": "80ffde09-da8a-4107-82da-da2f9e8a9bb8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41572", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6hodwrjx2e", "content": "", "creation_timestamp": "2025-01-07T20:15:40.033588Z"}, {"uuid": "59f0edaf-9929-4f92-9bbf-3f9f85f86f3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41573", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lf6hohgqk72e", "content": "", "creation_timestamp": "2025-01-07T20:15:43.777450Z"}, {"uuid": "d3b74d6e-ca7c-4f23-b064-1ee03dab0e11", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41572", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lf6jqzw2n72u", "content": "", "creation_timestamp": "2025-01-07T20:52:59.453421Z"}, {"uuid": "35d336db-c8f4-4e73-91c9-5fb28036a576", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41572", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/534", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41572\n\ud83d\udd39 Description: An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server.\n\ud83d\udccf Published: 2025-01-07T00:00:00\n\ud83d\udccf Modified: 2025-01-07T19:24:35.658765\n\ud83d\udd17 References:\n1. https://github.com/EyesOfNetworkCommunity/eonweb/issues/120\n2. https://github.com/Orange-Cyberdefense/CVE-repository/", "creation_timestamp": "2025-01-07T19:38:20.000000Z"}, {"uuid": "4927fd42-3d62-4724-bc6d-8fd2dd4266eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4157", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11511", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4157\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.\n\ud83d\udccf Published: 2022-12-26T12:27:57.791Z\n\ud83d\udccf Modified: 2025-04-11T23:27:16.019Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/71feec63-67a5-482e-bf77-1396c306fae6\n2. https://bulletin.iese.de/post/contest-gallery_19-1-4-1_3", "creation_timestamp": "2025-04-11T23:51:17.000000Z"}, {"uuid": "cfc01d72-4702-4bd4-90e7-5ab8a89b3232", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41573", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/532", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41573\n\ud83d\udd39 Description: An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution.\n\ud83d\udccf Published: 2025-01-07T00:00:00\n\ud83d\udccf Modified: 2025-01-07T19:28:16.474965\n\ud83d\udd17 References:\n1. https://bitbucket.org/cantico/ovidentia/branches/\n2. https://github.com/Orange-Cyberdefense/CVE-repository/\n3. https://github.com/Orange-Cyberdefense/CVE-repository/blob/master/PoCs/poc_CVE-2022-41573.txt", "creation_timestamp": "2025-01-07T19:37:33.000000Z"}, {"uuid": "a020037d-c572-4fe2-84c6-a4799aff19c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41573", "type": "seen", "source": "https://t.me/cvedetector/14605", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-41573 - Ovidentia Image Upload RCE Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-41573 \nPublished : Jan. 7, 2025, 8:15 p.m. | 42\u00a0minutes ago \nDescription : An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T22:15:06.000000Z"}, {"uuid": "abc4d233-95a6-44ab-b9c1-33f28f60db4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41575", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15332", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41575\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: A credential-exposure vulnerability in the support-bundle mechanism in Gradle Enterprise 2022.3 through 2022.3.3 allows remote attackers to access a subset of application data (e.g., cleartext credentials). This is fixed in 2022.3.3.\n\ud83d\udccf Published: 2022-10-21T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-07T14:36:04.492Z\n\ud83d\udd17 References:\n1. https://security.gradle.com\n2. https://security.gradle.com/advisory/2022-13", "creation_timestamp": "2025-05-07T15:22:54.000000Z"}, {"uuid": "ca003e51-e90c-42ba-ab66-c98d3b711a58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4157", "type": "seen", "source": "https://t.me/cibsecurity/55349", "content": "\u203c CVE-2022-4157 \u203c\n\nThe Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_option_id POST parameter before concatenating it to an SQL query in export-votes-all.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T16:40:46.000000Z"}, {"uuid": "260897f7-51c1-42f4-a8a9-b838e2369931", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41572", "type": "seen", "source": "https://t.me/cvedetector/14608", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-41572 - EyesOfNetwork EON Privilege Escalation Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-41572 \nPublished : Jan. 7, 2025, 8:15 p.m. | 42\u00a0minutes ago \nDescription : An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"07 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-07T22:15:08.000000Z"}, {"uuid": "1aa23853-c415-41da-8dbc-325d57521120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41578", "type": "seen", "source": "https://t.me/cibsecurity/51455", "content": "\u203c CVE-2022-41578 \u203c\n\nThe MPTCP module has an out-of-bounds write vulnerability.Successful exploitation of this vulnerability may cause root privilege escalation attacks implemented by modifying program information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-14T20:29:16.000000Z"}, {"uuid": "7155f156-24da-4d0f-be59-25d9519d39ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41579", "type": "seen", "source": "https://t.me/cibsecurity/55501", "content": "\u203c CVE-2022-41579 \u203c\n\nThere is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-28T20:12:28.000000Z"}, {"uuid": "925ef763-4f69-4438-a19f-a64483da0039", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41570", "type": "seen", "source": "https://t.me/cibsecurity/50546", "content": "\u203c CVE-2022-41570 \u203c\n\nAn issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T02:36:32.000000Z"}, {"uuid": "791f98db-a926-4bdd-b8a6-1b93a16690e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41574", "type": "seen", "source": "https://t.me/cibsecurity/51029", "content": "\u203c CVE-2022-41574 \u203c\n\nAn access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-08T00:17:36.000000Z"}, {"uuid": "044d2116-1ef3-4311-bc15-2b5fe95327fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41571", "type": "seen", "source": "https://t.me/cibsecurity/50543", "content": "\u203c CVE-2022-41571 \u203c\n\nAn issue was discovered in EyesOfNetwork (EON) through 5.3.11. Local file inclusion can occur.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-28T02:36:26.000000Z"}]}