{"vulnerability": "cve-2022-2412", "sightings": [{"uuid": "76d7681e-b04d-4459-873f-bbb19de0241e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24122", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1663", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aCVE-2022-24122 Proof of Concept\nURL\uff1ahttps://github.com/meowmeowxw/CVE-2022-24122", "creation_timestamp": "2022-03-15T08:42:35.000000Z"}, {"uuid": "0dba5300-5cf6-4521-9017-6084088411e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24124", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1550", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPOC for CVE-2022-24124\nURL\uff1ahttps://github.com/ColdFusionX/CVE-2022-24124", "creation_timestamp": "2022-02-27T07:33:48.000000Z"}, {"uuid": "cf29f18e-480d-4174-ba7a-348d7ed9a438", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24125", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1697", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aDocumentation and proof of concept code for CVE-2022-24125 and CVE-2022-24126.\nURL\uff1ahttps://github.com/tremwil/ds3-nrssr-rce\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-22T01:01:20.000000Z"}, {"uuid": "0c1ac953-859d-4443-8cf8-02a6a21898e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24126", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1697", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aDocumentation and proof of concept code for CVE-2022-24125 and CVE-2022-24126.\nURL\uff1ahttps://github.com/tremwil/ds3-nrssr-rce\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-03-22T01:01:20.000000Z"}, {"uuid": "e4c0d014-5cf6-453c-8fec-6d8611019aad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24120", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11509", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-24120\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Certain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.\n\ud83d\udccf Published: 2022-12-26T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-11T23:31:04.226Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06", "creation_timestamp": "2025-04-11T23:51:15.000000Z"}, {"uuid": "c1a63bcb-17fe-4429-a22b-657979bac37a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24124", "type": "seen", "source": "https://t.me/ctinow/48210", "content": "Casdoor SQL Injection (CVE-2022-24124)\n\nhttps://ift.tt/aQrKzDB", "creation_timestamp": "2022-03-09T11:36:32.000000Z"}, {"uuid": "bb198efc-7f7c-41c7-b776-1b7f0ee3927b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24120", "type": "seen", "source": "https://t.me/cibsecurity/55328", "content": "\u203c CVE-2022-24120 \u203c\n\nCertain General Electric Renewable Energy products store cleartext credentials in flash memory. This affects iNET and iNET II before 8.3.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T07:40:33.000000Z"}, {"uuid": "22ca25cb-2c3e-47a7-9887-07943e9cb654", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24125", "type": "seen", "source": "https://t.me/cibsecurity/39292", "content": "\u203c CVE-2022-24125 \u203c\n\nThe matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-20T06:23:27.000000Z"}, {"uuid": "f2ef9d8a-58fa-4734-aca8-38b7f4ddcfba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24121", "type": "seen", "source": "https://t.me/cibsecurity/36735", "content": "\u203c CVE-2022-24121 \u203c\n\nSQL Injection vulnerability discovered in Unified Office Total Connect Now that would allow an attacker to extract sensitive information through a cookie parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-03T07:29:30.000000Z"}, {"uuid": "3f393903-9ab0-40a0-86db-ce346a6b7947", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24129", "type": "seen", "source": "https://t.me/cibsecurity/36875", "content": "\u203c CVE-2022-24129 \u203c\n\nThe OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-04T22:36:28.000000Z"}, {"uuid": "644d3e32-ddff-423c-bef8-e25415f0e285", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24122", "type": "seen", "source": "https://t.me/cibsecurity/36559", "content": "\u203c CVE-2022-24122 \u203c\n\nkernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-30T00:23:09.000000Z"}, {"uuid": "e21bcf1b-a021-43f6-8314-af9a7fe17d0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24124", "type": "seen", "source": "https://t.me/cibsecurity/36566", "content": "\u203c CVE-2022-24124 \u203c\n\nThe query API in Casdoor before 1.13.1 has a SQL injection vulnerability related to the field and value parameters, as demonstrated by api/get-organizations.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-30T02:23:22.000000Z"}, {"uuid": "a41a78fd-9d7b-4a98-9940-96a81ab93c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24123", "type": "seen", "source": "https://t.me/cibsecurity/36565", "content": "\u203c CVE-2022-24123 \u203c\n\nMarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This could lead to Remote Code Execution via a .md file containing a mutation Cross-Site Scripting (XSS) payload.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-30T02:23:17.000000Z"}, {"uuid": "0067bf2a-b1df-43f5-aee2-763f2d46b546", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24124", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/6742", "content": "#exploit\n1. CVE-2021-38297:\nGo Web Assembly Vulnerability\nhttps://jfrog.com/blog/cve-2021-38297-analysis-of-a-go-web-assembly-vulnerability\n\n2. CVE-2022-24124:\nCasdoor SQL Injection\nhttps://github.com/cukw/CVE-2022-24124_POC\n]-> https://blog.qualys.com/vulnerabilities-threat-research/2022/03/09/casdoor-sql-injection-cve-2022-24124", "creation_timestamp": "2022-09-05T12:37:13.000000Z"}]}