{"vulnerability": "CVE-2022-4165", "sightings": [{"uuid": "6a5ad11f-6eef-4a90-a6e8-ce581408b4cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4165", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11517", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4165\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_order POST parameter before concatenating it to an SQL query in order-custom-fields-with-and-without-search.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database.\n\ud83d\udccf Published: 2022-12-26T12:28:01.816Z\n\ud83d\udccf Modified: 2025-04-11T23:20:05.228Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/857aba7d-fccd-4672-b734-ab228440dcc0\n2. https://bulletin.iese.de/post/contest-gallery_19-1-4-1_17", "creation_timestamp": "2025-04-11T23:51:26.000000Z"}, {"uuid": "bf407a8a-8a3c-416a-b8b9-0569fdcc0dd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41654", "type": "seen", "source": "https://t.me/cibsecurity/55106", "content": "\u203c CVE-2022-41654 \u203c\n\nAn authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. 
An attacker can send an HTTP request to trigger this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T12:13:31.000000Z"}, {"uuid": "ad18244c-f503-4b6d-afca-991b8279c109", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41652", "type": "seen", "source": "https://t.me/cibsecurity/53155", "content": "\u203c CVE-2022-41652 \u203c\n\nBypass vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-18T22:29:25.000000Z"}, {"uuid": "1e63f869-062a-4eac-b89c-69a634a887ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41653", "type": "seen", "source": "https://t.me/cibsecurity/54468", "content": "\u203c CVE-2022-41653 \u203c\n\nDaikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-14T00:22:00.000000Z"}, {"uuid": "3219455a-f9d9-4cef-aebb-66ce8ff75d9e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41657", "type": "seen", "source": "https://t.me/cibsecurity/52316", "content": "\u203c CVE-2022-41657 \u203c\n\nDelta Electronics InfraSuite Device Master Versions 00.00.01a and prior allow attacker provided data already serialized into memory to be used in file operation application programmable interfaces (APIs). 
This could create arbitrary files, which could be used in API operations and could ultimately result in remote code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T23:13:21.000000Z"}, {"uuid": "8312e2f8-6237-46f5-84c8-d8a9d402e123", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41651", "type": "seen", "source": "https://t.me/cibsecurity/52184", "content": "\u203c CVE-2022-41651 \u203c\n\nThe affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the SetPF API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T00:29:02.000000Z"}]}