{"vulnerability": "cve-2022-4305", "sightings": [{"uuid": "c1d9c719-7dac-449d-99b1-af1d5078c8f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43051", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14953", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43051\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T17:57:37.664Z\n\ud83d\udd17 References:\n1. https://github.com/1909900436/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md", "creation_timestamp": "2025-05-05T18:19:38.000000Z"}, {"uuid": "dafc998e-ea52-436e-a001-385e5c1b481b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43058", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14305", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43058\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.\n\ud83d\udccf Published: 2022-11-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T15:04:54.294Z\n\ud83d\udd17 References:\n1. https://github.com/ctg503/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-1.md", "creation_timestamp": "2025-05-01T15:15:27.000000Z"}, {"uuid": "c6c476a0-0c18-471b-a290-4b726d2e1824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43052", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14952", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43052\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T17:58:47.629Z\n\ud83d\udd17 References:\n1. https://github.com/1909900436/bug_report/blob/main/vendors/oretnom23/online-diagnostic-lab-management-system/SQLi-2.md", "creation_timestamp": "2025-05-05T18:19:37.000000Z"}, {"uuid": "ba693c43-2b4a-42b6-9bc7-c21e6930bb68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4305", "type": "seen", "source": "https://t.me/cibsecurity/56849", "content": "\u203c CVE-2022-4305 \u203c\n\nThe Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-23T18:25:21.000000Z"}, {"uuid": "cb66f6fc-75c0-4154-8b0d-1f6334e890eb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43050", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14954", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-43050\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component update_profile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.\n\ud83d\udccf Published: 2022-11-07T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-05T17:56:27.826Z\n\ud83d\udd17 References:\n1. https://github.com/1909900436/bug_report/blob/main/vendors/mayuri_k/online-tours-travels-management-system/RCE-1.md", "creation_timestamp": "2025-05-05T18:19:39.000000Z"}, {"uuid": "c968111b-64c5-4637-b276-0682be02ce8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-43058", "type": "seen", "source": "https://t.me/cibsecurity/52785", "content": "\u203c CVE-2022-43058 \u203c\n\nOnline Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms//classes/Master.php?f=delete_activity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T00:49:32.000000Z"}]}