{"vulnerability": "CVE-2022-4596", "sightings": [{"uuid": "6c7d93e1-7c25-410b-81c4-a79b9606dfed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45969", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12678", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45969\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Alist v3.4.0 is vulnerable to Directory Traversal,\n\ud83d\udccf Published: 2022-12-15T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-21T14:35:39.199Z\n\ud83d\udd17 References:\n1. https://github.com/alist-org/alist/issues/2449", "creation_timestamp": "2025-04-21T15:03:00.000000Z"}, {"uuid": "43bbc7aa-f494-4fa7-8194-df8815a7fbdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45968", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/12977", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-45968\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).\n\ud83d\udccf Published: 2022-12-12T00:00:00.000Z\n\ud83d\udccf Modified: 2025-04-22T20:43:57.901Z\n\ud83d\udd17 References:\n1. https://github.com/alist-org/alist/issues/2444", "creation_timestamp": "2025-04-22T21:04:14.000000Z"}, {"uuid": "41c34ade-32e4-4c4b-85c5-146360260317", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45962", "type": "seen", "source": "https://t.me/cibsecurity/58046", "content": "\u203c CVE-2022-45962 \u203c\n\nOpen Solutions for Education, Inc openSIS Community Edition v8.0 and earlier is vulnerable to SQL Injection via CalendarModal.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-14T00:30:24.000000Z"}, {"uuid": "6e2acb78-8489-4f0f-8bb6-83bc2bd4603e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45968", "type": "seen", "source": "https://t.me/cibsecurity/54316", "content": "\u203c CVE-2022-45968 \u203c\n\nAlist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-12T16:25:57.000000Z"}, {"uuid": "087d95e5-fc9c-4ed5-962e-8bd4f6c977c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-4596", "type": "seen", "source": "https://t.me/cibsecurity/54821", "content": "\u203c CVE-2022-4596 \u203c\n\nA vulnerability, which was classified as problematic, has been found in Shoplazza 1.1. This issue affects some unknown processing of the file /admin/api/admin/articles/ of the component Add Blog Post Handler. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-216191.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-18T14:40:46.000000Z"}, {"uuid": "caa43915-9d5d-4322-baae-87f1d777582b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-45966", "type": "seen", "source": "https://t.me/cibsecurity/55119", "content": "\u203c CVE-2022-45966 \u203c\n\nhere is an arbitrary file upload vulnerability in the file management function module of Classcms3.5.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-22T18:13:45.000000Z"}]}