{"vulnerability": "cve-2022-2514", "sightings": [{"uuid": "59c12821-0e3a-4649-9ff0-ced675f5db71", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25147", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-105-08", "content": "", "creation_timestamp": "2025-04-15T10:00:00.000000Z"}, {"uuid": "9702979e-8495-4316-9da6-59c672a5c371", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25148", "type": "seen", "source": "https://t.me/Dooztoria/22", "content": "\ud83c\udf65 Overview of Vulnerable Endpoints in WordPress Applications\n\n    cves               path\n \nCVE-2022-2864  includes/settings.php                               \nCVE-2022-3227  includes/class-searchwp-live-ajax-search.php       \nCVE-2022-2941  admin/class-wp-useronline-admin.php               \nspecifiNoted   includes/class-wpvivid-backup.php                      \nCVE-2022-2436  includes/class-download-manager.php               \nCVE-2022-25148 includes/class-wp-statistics-hits.php               \nCVE-2022-1476  lib/model/class-ai1wm-backups.php                   \nCVE-2022-0236  includes/classes/class-wpie-general.php           \nCVE-2022-1119  includes/ee-downloader.php                       \nCVE-2022-0888  includes/class-ninja-forms-file-uploads.php", "creation_timestamp": "2025-12-19T20:18:03.000000Z"}, {"uuid": "5f22159e-4caa-4bf4-a009-58fb083bd802", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25147", "type": "seen", "source": "https://t.me/ctinow/208642", "content": "https://ift.tt/ZqbEVRN\nCVE-2022-25147 Apache Portable Runtime (APR) Vulnerability in NetApp Products", "creation_timestamp": "2024-03-15T11:26:52.000000Z"}, {"uuid": "a2921572-6f22-434e-b238-1a21052b6975", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25147", "type": "seen", "source": "https://t.me/ctinow/181588", "content": "https://ift.tt/XkAos0T\nCVE-2022-25147 | Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition Platform integer overflow", "creation_timestamp": "2024-02-08T19:41:48.000000Z"}, {"uuid": "71e9ad33-b088-44a8-bad3-2255b147f024", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25147", "type": "seen", "source": "https://t.me/ctinow/181553", "content": "https://ift.tt/zv4gBtI\nCVE-2022-25147 | Oracle Financial Services Behavior Detection Platform 8.0.8.1/8.1.1.1/8.1.2.5/8.1.2.6 Application integer overflow", "creation_timestamp": "2024-02-08T19:12:06.000000Z"}, {"uuid": "a1cbda0e-a2f9-4dc9-9bfd-0091c4e6d439", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25148", "type": "seen", "source": "https://t.me/ctinow/173902", "content": "https://ift.tt/u6PQdbO\nCVE-2022-25148 Exploit", "creation_timestamp": "2024-01-26T01:16:58.000000Z"}, {"uuid": "45b88eaf-493f-4b7b-a430-e6e194ccae73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2514", "type": "seen", "source": "https://t.me/cibsecurity/46916", "content": "\u203c CVE-2022-2514 \u203c\n\nThe time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T18:33:20.000000Z"}, {"uuid": "924aacc6-e761-4462-a0b3-996fc139332d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-25148", "type": "seen", "source": "https://t.me/cibsecurity/38047", "content": "\u203c CVE-2022-25148 \u203c\n\nThe WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-02-24T22:14:57.000000Z"}]}