{"vulnerability": "cve-2022-4529", "sightings": [{"uuid": "4d429b8f-aa8e-4adf-a3fd-96681382c1c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45299", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/10779", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45299\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.\n\ud83d\udccf Published: 2023-01-13T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-07T19:11:13.145Z\n\ud83d\udd17 References:\n1. https://github.com/offalltn/CVE-2022-45299", "creation_timestamp": "2025-04-07T19:45:47.000000Z"}, {"uuid": "5c9afb01-9732-43ee-aae6-b5ec29dc491f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4529", "type": "seen", "source": "https://t.me/cvedetector/4901", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-4529 - S.A.F Plugin for WordPress IP Address Spoofing Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2022-4529 \nPublished : Sept. 5, 2024, 11:15 a.m. | 30\u00a0minutes ago \nDescription : The Security, Antivirus, Firewall \u2013 S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"05 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-05T13:50:23.000000Z"}, {"uuid": "b691cb4c-17cb-4d6b-93d9-efff88f775c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45291", "type": "seen", "source": "Telegram/HO2yT5Z8bI_ikClWyV0Y0WwIwKMyccHKtnJckPsEBKeeoLiD", "content": "", "creation_timestamp": "2025-02-06T02:42:29.000000Z"}, {"uuid": "aa764462-8143-4d64-806c-afe1115f77bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45291", "type": "seen", "source": "Telegram/y86AXzrwp0NoM427ANW-UkNxePAbRWN3ncGP-CPvCESczHov", "content": "", "creation_timestamp": "2025-02-06T02:41:39.000000Z"}, {"uuid": "6628e5fc-845a-4c08-b10e-96f7ad43bc89", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45299", "type": "seen", "source": "https://t.me/cibsecurity/56497", "content": "\u203c CVE-2022-45299 \u203c\n\nAn issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-01-14T00:36:29.000000Z"}, {"uuid": "25992f26-6a1c-4edb-a09c-2b862107bef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45291", "type": "seen", "source": "https://t.me/cibsecurity/62835", "content": "\u203c CVE-2022-45291 \u203c\n\nPWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-04-25T22:25:22.000000Z"}, {"uuid": "88cf44c0-5345-4b15-b575-f98aeb3c4956", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45292", "type": "seen", "source": "https://t.me/cibsecurity/54253", "content": "\u203c CVE-2022-45292 \u203c\n\nUser invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-10T11:24:49.000000Z"}, {"uuid": "baf6cb3c-97f4-4376-a980-f910fc19101c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45297", "type": "seen", "source": "https://t.me/cibsecurity/57234", "content": "\u203c CVE-2022-45297 \u203c\n\nEQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-15T00:08:35.000000Z"}, {"uuid": "0bd70f39-7165-4f8e-a556-b5a6da12940e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45290", "type": "seen", "source": "https://t.me/cibsecurity/54247", "content": "\u203c CVE-2022-45290 \u203c\n\nKbase Doc v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /web/IndexController.java.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-09T22:13:40.000000Z"}]}