{"vulnerability": "cve-2022-3158", "sightings": [{"uuid": "5d8b780d-4e20-4ff9-a535-dc5fa7f284a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3158", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16360", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3158\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.\n\ud83d\udccf Published: 2022-10-17T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-14T18:11:50.528Z\n\ud83d\udd17 References:\n1. https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137043", "creation_timestamp": "2025-05-14T18:31:56.000000Z"}, {"uuid": "7e16a8be-9bc4-4dff-86a7-eb11028d4a7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3158", "type": "seen", "source": "https://t.me/cibsecurity/51655", "content": "\u203c CVE-2022-3158 \u203c\n\nRockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation when users enter SQL statements to retrieve information from the back-end database. If successfully exploited, this could allow a user with basic user privileges to perform remote code execution on the server.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-29T14:02:27.000000Z"}, {"uuid": "19ec3fc9-9e4c-44fc-be18-19bff0cd476e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31580", "type": "seen", "source": "https://t.me/cibsecurity/45877", "content": "\u203c CVE-2022-31580 \u203c\n\nThe sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:09.000000Z"}, {"uuid": "739046d6-6979-42ea-a082-3576ef62a461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31582", "type": "seen", "source": "https://t.me/cibsecurity/45876", "content": "\u203c CVE-2022-31582 \u203c\n\nThe shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:08.000000Z"}, {"uuid": "d55e2e72-e5ab-46ad-8dde-800907d20bdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31587", "type": "seen", "source": "https://t.me/cibsecurity/45887", "content": "\u203c CVE-2022-31587 \u203c\n\nThe yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:19.000000Z"}, {"uuid": "b6d5aa76-929f-4eec-8182-c45721b986ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31584", "type": "seen", "source": "https://t.me/cibsecurity/45885", "content": "\u203c CVE-2022-31584 \u203c\n\nThe stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:17.000000Z"}, {"uuid": "98719aa8-9616-461f-a679-88a6648cdc7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31583", "type": "seen", "source": "https://t.me/cibsecurity/45884", "content": "\u203c CVE-2022-31583 \u203c\n\nThe sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:17.000000Z"}, {"uuid": "6304b09f-e6aa-4fe7-9106-f0b89d47c5fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31585", "type": "seen", "source": "https://t.me/cibsecurity/45883", "content": "\u203c CVE-2022-31585 \u203c\n\nThe umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:15.000000Z"}, {"uuid": "308ea699-1998-4480-8c5d-c84f77b1f6cd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31581", "type": "seen", "source": "https://t.me/cibsecurity/45881", "content": "\u203c CVE-2022-31581 \u203c\n\nThe scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:13.000000Z"}, {"uuid": "19f0c6db-70f9-4b67-bc28-087f7d757a35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31588", "type": "seen", "source": "https://t.me/cibsecurity/45889", "content": "\u203c CVE-2022-31588 \u203c\n\nThe zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:25.000000Z"}, {"uuid": "94c4b6c1-1e59-4fd3-bff8-aed2128eb04c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31586", "type": "seen", "source": "https://t.me/cibsecurity/45888", "content": "\u203c CVE-2022-31586 \u203c\n\nThe unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-11T07:20:21.000000Z"}, {"uuid": "3da2cf92-f40e-4906-bd37-2c8cd86fbe63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-31589", "type": "seen", "source": "https://t.me/cibsecurity/44447", "content": "\u203c CVE-2022-31589 \u203c\n\nDue to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-26T16:03:20.000000Z"}]}