{"vulnerability": "CVE-2022-4215", "sightings": [{"uuid": "5099c728-b1df-49b7-8c01-9afa8e40201b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42154", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16417", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42154\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T20:57:08.968Z\n\ud83d\udd17 References:\n1. https://github.com/xxhzz1/74cmsSE-Arbitrary-file-upload-vulnerability/issues/1", "creation_timestamp": "2025-05-14T21:32:23.000000Z"}, {"uuid": "be8dd78a-2f5a-425a-b895-0160f5917dbd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42156", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/16512", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42156\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: D-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.\n\ud83d\udccf Published: 2022-10-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-15T14:24:31.602Z\n\ud83d\udd17 References:\n1. https://www.dlink.com/en/security-bulletin/\n2. https://github.com/14isnot40/vul_discovery/blob/master/D-Link%20COVR%2012xx%20.pdf", "creation_timestamp": "2025-05-15T14:35:13.000000Z"}, {"uuid": "4ced8843-abc8-4ffd-9a93-bc74b72e4e62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42150", "type": "seen", "source": "https://t.me/cibsecurity/72628", "content": "\u203c CVE-2022-42150 \u203c\n\nTinyLab linux-lab v1.1-rc1 and cloud-labv0.8-rc2, v1.1-rc1 are vulnerable to insecure permissions. The default configuration could cause Container Escape.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-10-20T16:30:01.000000Z"}, {"uuid": "ee313308-191b-4e47-9f5c-1b7e7533c3df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42156", "type": "seen", "source": "https://t.me/cibsecurity/51355", "content": "\u203c CVE-2022-42156 \u203c\n\nD-Link COVR 1200,1203 v1.08 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter at function SetNetworkTomographySettings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T22:28:20.000000Z"}, {"uuid": "0996df85-72c6-4aa1-a356-897c656bd847", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4215", "type": "seen", "source": "https://t.me/cibsecurity/53900", "content": "\u203c CVE-2022-4215 \u203c\n\nThe Chained Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'date' parameter on the 'chainedquiz_list' page in versions up to, and including, 1.3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-03T00:50:22.000000Z"}, {"uuid": "33566495-afef-42d6-b6c1-f0ea99b1d3fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42154", "type": "seen", "source": "https://t.me/cibsecurity/51590", "content": "\u203c CVE-2022-42154 \u203c\n\nAn arbitrary file upload vulnerability in the component /apiadmin/upload/attach of 74cmsSE v3.13.0 allows attackers to execute arbitrary code via a crafted PHP file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-17T18:13:16.000000Z"}, {"uuid": "ea822136-b71b-45c5-bb99-ce05a4a09fc0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42159", "type": "seen", "source": "https://t.me/cibsecurity/51356", "content": "\u203c CVE-2022-42159 \u203c\n\nD-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-13T22:28:21.000000Z"}]}