{"vulnerability": "cve-2022-2797", "sightings": [{"uuid": "283b576a-6254-4e91-b1b1-9b87afdbd617", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27978", "type": "seen", "source": "https://t.me/cibsecurity/62913", "content": "\u203c CVE-2022-27978 \u203c\n\nTooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T20:25:57.000000Z"}, {"uuid": "87f41e58-94ea-4ec1-a982-9ac8d700d9dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-27979", "type": "seen", "source": "https://t.me/cibsecurity/62912", "content": "\u203c CVE-2022-27979 \u203c\n\nA cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-26T20:25:56.000000Z"}, {"uuid": "d056b3ff-4dda-4492-b27f-26cd68da3524", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2797", "type": "seen", "source": "https://t.me/cibsecurity/48100", "content": "\u203c CVE-2022-2797 \u203c\n\nA vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-206245 was assigned to this vulnerability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-12T23:23:05.000000Z"}]}