{"vulnerability": "cve-2022-4155", "sightings": [{"uuid": "259a75b8-447f-4327-8222-45b007bd7d53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41552", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14386", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41552\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery.\nThis issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.\n\n\ud83d\udccf Published: 2022-11-01T02:10:22.868Z\n\ud83d\udccf Modified: 2025-05-01T19:54:37.952Z\n\ud83d\udd17 References:\n1. https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html", "creation_timestamp": "2025-05-01T20:15:44.000000Z"}, {"uuid": "4a0a99ed-51f3-4d61-b8e7-21607017a263", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4155", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11512", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-4155\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.\n\ud83d\udccf Published: 2022-12-26T12:27:58.593Z\n\ud83d\udccf Modified: 2025-04-11T23:25:38.231Z\n\ud83d\udd17 References:\n1. https://wpscan.com/vulnerability/a55c6a62-3744-4374-b01a-cb074ac64b4d\n2. https://bulletin.iese.de/post/contest-gallery_19-1-4-1_6", "creation_timestamp": "2025-04-11T23:51:18.000000Z"}, {"uuid": "2c77a2b5-08a5-4639-8481-0b1d7d96e8ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41553", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14862", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41553\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)\n\ud83d\udd39 Description: Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information.\nThis issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00.\n\n\ud83d\udccf Published: 2022-11-01T02:11:01.157Z\n\ud83d\udccf Modified: 2025-05-05T14:09:20.015Z\n\ud83d\udd17 References:\n1. https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html", "creation_timestamp": "2025-05-05T14:20:29.000000Z"}, {"uuid": "8584e1ba-1182-488b-a21c-ce8ddab8a9bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41551", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14610", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41551\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.\n\ud83d\udccf Published: 2022-11-02T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-02T20:54:51.642Z\n\ud83d\udd17 References:\n1. https://github.com/Happyd99/bug_report/blob/main/vendors/mayuri_k/garage-management-system/SQLi-1.md", "creation_timestamp": "2025-05-02T21:16:32.000000Z"}, {"uuid": "1f5bce2e-33ba-4e6b-9006-852b9f3a032f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4155", "type": "seen", "source": "https://t.me/cibsecurity/55360", "content": "\u203c CVE-2022-4155 \u203c\n\nThe Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the wp_user_id GET parameter before concatenating it to an SQL query in management-show-user.php. This may allow malicious users with administrator privileges (i.e. on multisite WordPress configurations) to leak sensitive information from the site's database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-26T16:40:59.000000Z"}, {"uuid": "c141b822-331d-436b-a045-c99d2f9287c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41551", "type": "seen", "source": "https://t.me/cibsecurity/52486", "content": "\u203c CVE-2022-41551 \u203c\n\nGarage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-02T23:36:05.000000Z"}, {"uuid": "9abc32f9-cd3b-4430-85f1-55bba4a60f29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41559", "type": "seen", "source": "https://t.me/cibsecurity/54099", "content": "\u203c CVE-2022-41559 \u203c\n\nThe Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-06T22:41:10.000000Z"}, {"uuid": "1ace11e6-15dd-4e4e-a99b-f2c10d7bb716", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41553", "type": "seen", "source": "https://t.me/cibsecurity/52341", "content": "\u203c CVE-2022-41553 \u203c\n\nInsertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer probe component) allows local users to gain sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T06:13:34.000000Z"}, {"uuid": "ceb46dd0-1672-4201-8fec-90adcd0a6b9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41552", "type": "seen", "source": "https://t.me/cibsecurity/52339", "content": "\u203c CVE-2022-41552 \u203c\n\nServer-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-01T06:13:28.000000Z"}, {"uuid": "74e5c457-f2e0-4b36-82c2-a8da2e5eac0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41556", "type": "seen", "source": "https://t.me/cibsecurity/50920", "content": "\u203c CVE-2022-41556 \u203c\n\nA resource leak in gw_backend.c in lighttpd 1.4.56 through 1.4.66 could lead to a denial of service (connection-slot exhaustion) after a large amount of anomalous TCP behavior by clients. It is related to RDHUP mishandling in certain HTTP/1.1 chunked situations. Use of mod_fastcgi is, for example, affected. This is fixed in 1.4.67.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-06T22:22:57.000000Z"}, {"uuid": "28b8f266-ad43-4586-8645-3374288615cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41555", "type": "seen", "source": "https://t.me/cibsecurity/52171", "content": "\u203c CVE-2022-41555 \u203c\n\nThe affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a stored cross-site scripting vulnerability through the PutLineMessageSetting API.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-28T00:28:42.000000Z"}, {"uuid": "90ae2c5f-6c60-4c4d-8652-1adf26f079d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41550", "type": "seen", "source": "https://t.me/cibsecurity/51241", "content": "\u203c CVE-2022-41550 \u203c\n\nGNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-12T02:26:36.000000Z"}]}