{"vulnerability": "cve-2022-4292", "sightings": [{"uuid": "a54f9cd1-1275-4cb3-9a25-59d8a387a788", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42920", "type": "seen", "source": "https://infosec.exchange/users/cR0w/statuses/114495083507817906", "content": "", "creation_timestamp": "2025-05-12T13:25:28.497500Z"}, {"uuid": "db594b80-817d-43e3-96ef-3d1d2da2cf22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42924", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/14867", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42924\n\ud83d\udd25 CVSS Score: 7.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)\n\ud83d\udd39 Description: Forma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database.\n\ud83d\udccf Published: 2022-10-31T19:59:33.604Z\n\ud83d\udccf Modified: 2025-05-05T14:03:19.048Z\n\ud83d\udd17 References:\n1. 
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms", "creation_timestamp": "2025-05-05T14:20:38.000000Z"}, {"uuid": "ecb51848-f7ce-4066-a1b6-78e04bc32825", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42925", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15222", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-42925\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: There is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.\n\ud83d\udccf Published: 2022-10-31T19:58:45.089Z\n\ud83d\udccf Modified: 2025-05-06T19:44:17.503Z\n\ud83d\udd17 References:\n1. 
https://www.incibe-cert.es/en/early-warning/security-advisories/multiple-vulnerabilities-forma-lms", "creation_timestamp": "2025-05-06T20:21:27.000000Z"}, {"uuid": "c8f6325a-8f62-4d60-9b91-dbde13894cfa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42920", "type": "seen", "source": "https://t.me/ctinow/182486", "content": "https://ift.tt/bZt20ju\nCVE-2022-42920 | Oracle Retail Advanced Inventory Planning 15.0.3/16.0.3 Operations/Maintenance out-of-bounds write", "creation_timestamp": "2024-02-10T09:07:11.000000Z"}, {"uuid": "1f8bf5dc-defd-4429-bdb6-08e189da9c4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42920", "type": "seen", "source": "https://t.me/cibsecurity/52588", "content": "\u203c CVE-2022-42920 \u203c\n\nApache Commons BCEL has a number of APIs that would normally only allow changing specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to produce arbitrary bytecode. This could be abused in applications that pass attacker-controllable data to those APIs, giving the attacker more control over the resulting bytecode than otherwise expected. 
Update to Apache Commons BCEL 6.6.0.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-28T12:30:49.000000Z"}, {"uuid": "b05aa04c-1215-45f2-bca5-ece3ba213552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42920", "type": "seen", "source": "https://t.me/ctinow/180551", "content": "https://ift.tt/FIyNo7d\nCVE-2022-42920 | Oracle Communications Service Catalog and Design 7.4.0.7.0/7.4.1.5.0/7.4.2.8.0 Order/Service Management out-of-bounds write", "creation_timestamp": "2024-02-07T07:36:30.000000Z"}, {"uuid": "c3f54512-bc51-4206-8b5b-ad0c6b78b6bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42920", "type": "seen", "source": "https://t.me/ctinow/181281", "content": "https://ift.tt/Jsq7V9I\nCVE-2022-42920 | Oracle Financial Services Behavior Detection Platform 8.0.8.1/8.1.1.1/8.1.2.5/8.1.2.6 Application out-of-bounds write", "creation_timestamp": "2024-02-08T11:07:11.000000Z"}, {"uuid": "db11650e-1c52-4905-8790-bcdf7c3f7637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42929", "type": "seen", "source": "https://t.me/cibsecurity/55181", "content": "\u203c CVE-2022-42929 \u203c\n\nIf a website called window.print() in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. 
This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:27:19.000000Z"}, {"uuid": "7e18a482-dab7-41ce-8feb-e4f22ed3c912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42927", "type": "seen", "source": "https://t.me/cibsecurity/55133", "content": "\u203c CVE-2022-42927 \u203c\n\nA same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries(). This vulnerability affects Thunderbird < 102.4, Firefox ESR < 102.4, and Firefox < 106.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T22:20:01.000000Z"}, {"uuid": "4fd1935c-9c26-412d-824f-df086f4cf0e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42923", "type": "seen", "source": "https://t.me/cibsecurity/52317", "content": "\u203c CVE-2022-42923 \u203c\n\nForma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. 
The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'id' parameter in the 'appCore/index.php?r=adm/mediagallery/delete' function in order to dump the entire database or delete all contents from the 'core_user_file' table.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T23:13:21.000000Z"}, {"uuid": "97a6708b-dda1-4b66-8110-bdbd1865ea7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42924", "type": "seen", "source": "https://t.me/cibsecurity/52320", "content": "\u203c CVE-2022-42924 \u203c\n\nForma LMS on its 3.1.0 version and earlier is vulnerable to a SQL injection vulnerability. The exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T23:13:27.000000Z"}, {"uuid": "49cdd82a-2e55-494d-b493-7ded1ffc5614", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4292", "type": "seen", "source": "https://t.me/cibsecurity/54018", "content": "\u203c CVE-2022-4292 \u203c\n\nUse After Free in GitHub repository vim/vim prior to 9.0.0882.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-05T22:40:05.000000Z"}, {"uuid": "cd1be932-2099-4412-b0fb-fe272f4bdae6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-42925", "type": "seen", "source": "https://t.me/cibsecurity/52331", "content": 
"\u203c CVE-2022-42925 \u203c\n\nThere is a vulnerability on Forma LMS version 3.1.0 and earlier that could allow an authenticated attacker (with the role of student) to privilege escalate in order to upload a Zip file through the plugin upload component. The exploitation of this vulnerability could lead to a remote code injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-10-31T23:19:13.000000Z"}]}