{"vulnerability": "cve-2022-0757", "sightings": [{"uuid": "cec8304e-c729-4d30-8e0a-b4afbd1b1386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0757", "type": "seen", "source": "https://t.me/cibsecurity/39184", "content": "\u203c CVE-2022-0757 \u203c\n\nRapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the \"ANY\" and \"OR\" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-18T01:22:01.000000Z"}, {"uuid": "a085f0ff-7a33-4870-bec6-c5b68dbc6427", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0757", "type": "seen", "source": "https://t.me/ptswarm/117", "content": "Rapid7 fixed an SQL-Injection (CVE-2022-0757) and an XSS (CVE-2022-0758) in Nexpose Vulnerability Scanner found by our researcher Aleksey Solovev.\n\nAdvisory: https://docs.rapid7.com/release-notes/nexpose/20220302/", "creation_timestamp": "2022-03-28T19:46:33.000000Z"}, {"uuid": "986ec16b-692c-453d-9370-a75af116b461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0757", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/128", "content": "PoC for a Post-Auth SQL-Injection (CVE-2022-0757) in Nexpose Vulnerability Scanner <= 6.6.128\n\nDefault port: 3780\nDefault username: nxadmin\nAffected handler: /data/asset/filterAssets", "creation_timestamp": "2022-06-02T14:58:14.000000Z"}, {"uuid": "5dc1fc2b-d021-4320-825b-0d540c9dcb3e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0757", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9645", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 Zero-Day: \ud83c\udf81 PoC for a Post-Auth SQL-Injection (CVE-2022-0757) in Nexpose Vulnerability Scanner <= 6.6.128\n\nDefault port: 3780\nDefault username: nxadmin\nAffected handler: /data/asset/filterAssets\n\nSource: PT Swarm", "creation_timestamp": "2022-06-02T14:29:17.000000Z"}, {"uuid": "641d6000-8707-48cb-9b67-e4745cd53262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-0757", "type": "published-proof-of-concept", "source": "Telegram/vJGL4IqIxBWpv4DlCpjkpo7GIOZb7LMFQqscB04g3mD-hQ", "content": "", "creation_timestamp": "2022-07-03T11:06:48.000000Z"}]}