{"vulnerability": "CVE-2022-4533", "sightings": [{"uuid": "305e9f42-d3d5-46b0-bec7-c834a4930e20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45331", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13553", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45331\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \\post.php. This vulnerability allows attackers to access database information.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T21:04:14.116Z\n\ud83d\udd17 References:\n1. https://rdyx0.github.io/2018/09/03/AeroCMS-v0.0.1-SQLi%20post_sql_injectin/\n2. https://github.com/rdyx0/CVE/blob/master/AeroCMS/AeroCMS-v0.0.1-SQLi/post_sql_injection/post_sql_injection.md", "creation_timestamp": "2025-04-25T22:07:31.000000Z"}, {"uuid": "f5f710f5-aee1-4de5-b6cf-ee152335e880", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45330", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/13552", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45330\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \\category.php. This vulnerability allows attackers to access database information.\n\ud83d\udccf Published: 2022-11-22T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-25T21:05:38.895Z\n\ud83d\udd17 References:\n1. https://rdyx0.github.io/2018/09/02/AeroCMS-v0.0.1-SQLi%20category_sql_injectin/\n2. 
https://github.com/rdyx0/CVE/blob/master/AeroCMS/AeroCMS-v0.0.1-SQLi/category_sql_injection/category_sql_injection.md", "creation_timestamp": "2025-04-25T22:07:30.000000Z"}, {"uuid": "820fb3ed-a98e-45ea-9c2c-1cfa429c3ec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45338", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12677", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45338\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: An arbitrary file upload vulnerability in the profile picture upload function of Exact Synergy Enterprise 267 before 267SP13 and Exact Synergy Enterprise 500 before 500SP6 allows attackers to execute arbitrary code via a crafted SVG file.\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T14:36:55.681Z\n\ud83d\udd17 References:\n1. https://gist.github.com/MaxRozendaal/633b34a4675b60caed736e5ffe28f272", "creation_timestamp": "2025-04-21T15:02:59.000000Z"}, {"uuid": "22d61ddf-ba05-46d7-9f1f-de8339b75135", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45330", "type": "seen", "source": "https://t.me/cibsecurity/53378", "content": "\u203c CVE-2022-45330 \u203c\n\nAeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Category parameter at \\category.php. 
This vulnerability allows attackers to access database information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T00:13:15.000000Z"}, {"uuid": "ba34f25d-2020-4aaf-a733-2122d1975b81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45332", "type": "seen", "source": "https://t.me/cibsecurity/53699", "content": "\u203c CVE-2022-45332 \u203c\n\nLibreDWG v0.12.4.4643 was discovered to contain a heap buffer overflow via the function decode_preR13_section_hdr at decode_r11.c.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T07:29:27.000000Z"}, {"uuid": "3117a525-a4ac-4e4e-ad1e-e2c94c130e9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45337", "type": "seen", "source": "https://t.me/cibsecurity/53695", "content": "\u203c CVE-2022-45337 \u203c\n\nTenda TX9 Pro v22.03.02.10 was discovered to contain a stack overflow via the list parameter at /goform/SetIpMacBind.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-30T07:29:23.000000Z"}, {"uuid": "ff08cb2d-abc6-45ea-a516-064096083108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4533", "type": "seen", "source": "https://t.me/cvedetector/6040", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2022-4533 - WordPress Limit Login Attempts Plus X-Forwarded-For Header IP Spoofing\", \n  \"Content\": \"CVE ID : CVE-2022-4533 \nPublished : Sept. 19, 2024, 4:15 a.m. | 35\u00a0minutes ago \nDescription : The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. 
This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in. \nSeverity: 5.3 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"19 Sep 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-09-19T06:57:47.000000Z"}, {"uuid": "a61a55cc-3ad2-4176-adde-f921130f8dba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45331", "type": "seen", "source": "https://t.me/cibsecurity/53380", "content": "\u203c CVE-2022-45331 \u203c\n\nAeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the p_id parameter at \\post.php. This vulnerability allows attackers to access database information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-23T00:13:16.000000Z"}]}