{"vulnerability": "cve-2022-2464", "sightings": [{"uuid": "a614809d-6aab-46ff-9ad2-b00ff375085d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2464", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12113", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2464\n\ud83d\udd25 CVSS Score: 7.7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.\n\ud83d\udccf Published: 2022-08-25T17:24:59.000Z\n\ud83d\udccf Modified: 2025-04-16T17:50:01.212Z\n\ud83d\udd17 References:\n1. https://www.cisa.gov/uscert/ics/advisories/icsa-22-202-03", "creation_timestamp": "2025-04-16T17:56:43.000000Z"}, {"uuid": "c9beae06-2a98-4399-a6c4-0babc5e08245", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24644", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2370", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aBai cuoi ky CVE-2022-24644\nURL\uff1ahttps://github.com/ThanhThuy2908/ATHDH_CVE_2022_24644\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-06-02T07:35:22.000000Z"}, {"uuid": "0dcc17f0-ed4a-4885-a100-e1814ec2b37f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2464", "type": "seen", "source": "https://t.me/cibsecurity/48805", "content": "\u203c CVE-2022-2464 \u203c\n\nRockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-25T22:24:27.000000Z"}, {"uuid": "beb89be1-1fbc-44cc-9c9b-6038114ddeab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24644", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/2268", "content": "#exploit\n1. CVE-2022-28944/CVE-2022-24644:\nEMCO Software Multiple Products/KeyMouse 3.08 (Win) - Unauth. Update RCE\nhttps://github.com/gerr-re/cve-2022-28944\nhttps://github.com/gerr-re/cve-2022-24644\n\n2. Client-Side SSRF to Google Cloud Project Takeover [Google VRP]\nhttps://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover\n\n3. CVE-2022-3656:\nSymbolic Link Following + Upload Warning Bypass\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34", "creation_timestamp": "2023-01-15T14:05:50.000000Z"}, {"uuid": "0cd5bc32-655e-460d-a336-5c50b2927cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24644", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/7548", "content": "#exploit\n1. CVE-2022-28944/CVE-2022-24644:\nEMCO Software Multiple Products/KeyMouse 3.08 (Win) - Unauth. Update RCE\nhttps://github.com/gerr-re/cve-2022-28944\nhttps://github.com/gerr-re/cve-2022-24644\n\n2. Client-Side SSRF to Google Cloud Project Takeover [Google VRP]\nhttps://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover\n\n3. CVE-2022-3656:\nSymbolic Link Following + Upload Warning Bypass\nhttps://bugs.chromium.org/p/chromium/issues/detail?id=1345275#c34", "creation_timestamp": "2023-01-14T12:57:01.000000Z"}, {"uuid": "375440e9-53c8-45ee-97b0-4f5b41f37613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24647", "type": "seen", "source": "https://t.me/cibsecurity/37270", "content": "\u203c CVE-2022-24647 \u203c\n\nCuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T02:28:00.000000Z"}, {"uuid": "f8f1c15f-e02c-49c0-8f98-6c6cc1f36241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24646", "type": "seen", "source": "https://t.me/cibsecurity/37269", "content": "\u203c CVE-2022-24646 \u203c\n\nHospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-11T02:27:59.000000Z"}, {"uuid": "0c6681f5-0634-49de-8d38-3ca8130d58fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-24643", "type": "seen", "source": "https://t.me/cibsecurity/39580", "content": "\u203c CVE-2022-24643 \u203c\n\nA stored cross-site scripting (XSS) issue was discovered in the OpenEMR Hospital Information Management System version 6.0.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-25T23:30:56.000000Z"}]}