{"vulnerability": "cve-2022-2742", "sightings": [{"uuid": "b2d60d99-d301-4c16-8514-7ab6aa167c24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27429", "type": "seen", "source": "https://t.me/cibsecurity/41377", "content": "\u203c CVE-2022-27429 \u203c\n\nJizhicms v1.9.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via /admin.php/Plugins/update.html.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T16:36:09.000000Z"}, {"uuid": "fa8efa8d-c8c3-4cbb-a385-c9b0b9bae916", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27428", "type": "seen", "source": "https://t.me/cibsecurity/41374", "content": "\u203c CVE-2022-27428 \u203c\n\nA stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-25T16:36:05.000000Z"}, {"uuid": "4863cddb-e5ed-4d97-8d33-58ff2791ff5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27427", "type": "seen", "source": "https://t.me/cibsecurity/40966", "content": "\u203c CVE-2022-27427 \u203c\n\nA zero-code remote code injection vulnerability via configuration.php in Chamilo LMS v1.11.13 allows attackers to upload arbitrary code in the form of a new plugin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:21.000000Z"}, {"uuid": "a672a346-ff2e-4dc9-82e1-911243dafacc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27421", "type": "seen", "source": "https://t.me/cibsecurity/40973", "content": "\u203c CVE-2022-27421 \u203c\n\nChamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:31.000000Z"}, {"uuid": "41230496-d913-4e7f-b627-77f79ef873df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27425", "type": "seen", "source": "https://t.me/cibsecurity/40972", "content": "\u203c CVE-2022-27425 \u203c\n\nChamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:30.000000Z"}, {"uuid": "eb421377-7d03-4e4d-8d40-1b1e7207748c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27422", "type": "seen", "source": "https://t.me/cibsecurity/40970", "content": "\u203c CVE-2022-27422 \u203c\n\nA reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:27.000000Z"}, {"uuid": "d273cb14-307f-47d5-b0f4-bb992e0f752c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27426", "type": "seen", "source": "https://t.me/cibsecurity/40969", "content": "\u203c CVE-2022-27426 \u203c\n\nA Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:26.000000Z"}, {"uuid": "18d4bd04-fa2b-49ac-9979-49df3f626313", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27423", "type": "seen", "source": "https://t.me/cibsecurity/40968", "content": "\u203c CVE-2022-27423 \u203c\n\nChamilo LMS v1.11.13 was discovered to contain a SQL injection vulnerability via the blog_id parameter at /blog/blog.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:24.000000Z"}]}