{"vulnerability": "cve-2022-2860", "sightings": [{"uuid": "b24af9bf-f545-43aa-9c13-0a7494a1fe6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2860", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/17191", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-2860\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page.\n\ud83d\udccf Published: 2022-09-26T15:01:16.000Z\n\ud83d\udccf Modified: 2025-05-21T19:10:29.991Z\n\ud83d\udd17 References:\n1. https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html\n2. https://crbug.com/1345193\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "creation_timestamp": "2025-05-21T19:43:03.000000Z"}, {"uuid": "8144e488-ce6e-4430-ad4a-616207612eaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28607", "type": "seen", "source": "https://t.me/cibsecurity/53761", "content": "\u203c CVE-2022-28607 \u203c\n\nAn issue was discovered in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to gain sensitive information via the action parameter to /system/user/modules/mod_users/controller.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-01T16:45:31.000000Z"}, {"uuid": "6cc2fdeb-06e0-4265-9faf-9fb6b71ebee2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28601", "type": "seen", "source": "https://t.me/cibsecurity/42311", "content": "\u203c CVE-2022-28601 \u203c\n\nA Two-Factor Authentication (2FA) bypass vulnerability in \"Simple 2FA Plugin for Moodle\" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-11T00:43:00.000000Z"}, {"uuid": "051fd5f6-c42b-4c23-aa3b-34b53c76a8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28601", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5974", "content": "#exploit\n1. CVE-2022-28601:\nA Two-Factor Authentication bypass vulnerability in \"Simple 2FA Plugin for Moodle\" by LMS Doctor\nhttps://github.com/FlaviuPopescu/CVE-2022-28601\n\n2. CVE-2022-28590:\nRCE vulnerability in Pixelimity\nhttps://github.com/jcarabantes/CVE-2022-28590", "creation_timestamp": "2022-05-10T13:27:31.000000Z"}]}