Exploits June 2022

Timeline

Analyzing the timeline helps to identify the required approach for handling single vulnerabilities and vulnerability collections. The overview shows less important periods and more severe hotspots at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. For this, the calculated prices of all possible 0-day exploits are summed. Comparing this volume with the number of disclosed vulnerabilities helps to pinpoint the most important events.

Type

The moderation team works with the threat intelligence team to categorize software that is affected by security vulnerabilities. The distribution of these categories shows which software types are affected most.

Remediation

Official Fix: 7
Temporary Fix: 0
Workaround: 5
Unavailable: 0
Not Defined: 41

Vendors and researchers are eager to find countermeasures that mitigate security vulnerabilities. Several forms and levels of remediation can be distinguished, and each influences the risk differently.

Exploitability

High: 1
Functional: 0
Proof-of-Concept: 52
Unproven: 0
Not Defined: 0

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Lang

Python: 5

The automated exploitation of a security vulnerability is called an exploit. The popularity and availability of the programming languages used to write such exploits can be determined from the published exploits.

CVSSv3 Base

≤1: 0
≤2: 0
≤3: 3
≤4: 7
≤5: 8
≤6: 5
≤7: 17
≤8: 11
≤9: 1
≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

≤1: 0
≤2: 0
≤3: 3
≤4: 10
≤5: 9
≤6: 17
≤7: 10
≤8: 3
≤9: 0
≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

Exploit 0-day

<1k: 12
<2k: 24
<5k: 15
<10k: 0
<25k: 1
<50k: 0
<100k: 1
≥100k: 0

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm estimates the 0-day price of an exploit, i.e. its price before it was distributed or became public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared with prices we observe on exploit markets.

Exploit Today

<1k: 53
<2k: 0
<5k: 0
<10k: 0
<25k: 0
<50k: 0
<100k: 0
≥100k: 0

The 0-day prices do not consider time-dependent factors. The today price reflects price impacts such as the disclosure of vulnerability details, the availability of alternative exploits and the availability of countermeasures. These dynamic aspects tend to decrease exploit prices over time; under certain circumstances this happens very fast.

Published | 0-day | Today | Vulnerability | Exploitability | Lang | CTI | EPSS | CVE
06/30/2022 | $0-$5k | $0-$5k | Online Hotel Booking System Room edit_room_cat.php sql injection | Proof-of-Concept | - | 0.07 | 0.00885 | CVE-2022-2263
06/30/2022 | $0-$5k | $0-$5k | Online Hotel Booking System Room edit_all_room.php sql injection | Proof-of-Concept | - | 0.09 | 0.00885 | CVE-2022-2262
06/30/2022 | $0-$5k | $0-$5k | Joy Wolf E-Bike Key Fob Request denial of service | Proof-of-Concept | - | 0.00 | 0.01055 | CVE-2022-30467
06/30/2022 | $0-$5k | $0-$5k | Backdoor.Win32.EvilGoat.b Service Port 13014 hard-coded credentials | Proof-of-Concept | - | 0.03 | 0.00000 | -
06/30/2022 | $0-$5k | $0-$5k | Backdoor.Win32.Cafeini.b Service Port 51966 hard-coded credentials | Proof-of-Concept | - | 0.03 | 0.00000 | -
06/30/2022 | $0-$5k | $0-$5k | Backdoor.Win32.Coredoor.10.a Service Port 21000 improper authentication | Proof-of-Concept | - | 0.04 | 0.00000 | -
06/28/2022 | $0-$5k | $0-$5k | PrestaShop blockwishlist sql injection | Proof-of-Concept | Python | 0.09 | 0.11752 | CVE-2022-31101
06/27/2022 | $0-$5k | $0-$5k | SourceCodester Library Management System bookdetails.php sql injection | Proof-of-Concept | - | 0.09 | 0.00885 | CVE-2022-2214
06/27/2022 | $0-$5k | $0-$5k | SourceCodester Library Management System cross site scripting | Proof-of-Concept | - | 0.08 | 0.00885 | CVE-2022-2213
06/27/2022 | $0-$5k | $0-$5k | SourceCodester Library Management System /card/index.php unrestricted upload | Proof-of-Concept | - | 2.24 | 0.00885 | CVE-2022-2212
06/26/2022 | $0-$5k | $0-$5k | MediaWiki RSS Extension cross site scripting | Proof-of-Concept | - | 0.04 | 0.00000 | CVE-2022-34491
06/25/2022 | $0-$5k | $0-$5k | User Photo Plugin unrestricted upload | Proof-of-Concept | - | 0.00 | 0.07308 | CVE-2013-1916
06/25/2022 | $0-$5k | $0-$5k | Trojan-Mailfinder.Win32.VB.p permission | Proof-of-Concept | - | 0.03 | 0.00000 | -
06/25/2022 | $0-$5k | $0-$5k | Backdoor.Win32.Shark.btu permission | Proof-of-Concept | - | 0.08 | 0.00000 | -
06/25/2022 | $0-$5k | $0-$5k | Backdoor.Win32.InfecDoor.17.c permission | Proof-of-Concept | - | 0.06 | 0.00000 | -
06/25/2022 | $0-$5k | $0-$5k | Yashma Ransomware Builder permission | Proof-of-Concept | - | 0.02 | 0.00000 | -
06/23/2022 | $0-$5k | $0-$5k | SourceCodester School File Management System Update Account Form student_profile.php cross site scripting | Proof-of-Concept | - | 0.04 | 0.00890 | CVE-2021-46824
06/21/2022 | $0-$5k | $0-$5k | Contec SolarView Compact 1.php unrestricted upload | Proof-of-Concept | - | 0.04 | 0.01338 | CVE-2022-31374
06/21/2022 | $0-$5k | $0-$5k | Contec SolarView Compact Solar_AiConf.php cross site scripting | Proof-of-Concept | - | 0.05 | 0.00885 | CVE-2022-31373
06/17/2022 | $0-$5k | $0-$5k | oretnom23 Rescue Dispatch Management System sql injection | Proof-of-Concept | - | 0.00 | 0.00885 | CVE-2022-31941
06/17/2022 | $0-$5k | $0-$5k | u5cms Default Home Page cross site scripting | Proof-of-Concept | - | 0.08 | 0.00885 | CVE-2022-32442
06/17/2022 | $0-$5k | $0-$5k | Anselal Antminer Monitor Flask Server backdoor | Proof-of-Concept | - | 0.03 | 0.00954 | CVE-2021-40903
06/17/2022 | $0-$5k | $0-$5k | VoIPmonitor Web GUI api.php sql injection | Proof-of-Concept | - | 0.05 | 0.00885 | CVE-2021-41408
06/17/2022 | $0-$5k | $0-$5k | Nokia VitalSuite SPM sql injection | Proof-of-Concept | - | 0.03 | 0.00885 | CVE-2021-41487
06/17/2022 | $0-$5k | $0-$5k | Victor CMS admin_edit_comment.php sql injection | Proof-of-Concept | - | 0.05 | 0.00890 | CVE-2020-35597
06/16/2022 | $5k-$25k | $0-$5k | PHP pdo_mysql buffer overflow | Proof-of-Concept | - | 0.07 | 0.04571 | CVE-2022-31626
06/15/2022 | $0-$5k | $0-$5k | SourceCodester Bank Management System cross site scripting | Proof-of-Concept | - | 0.02 | 0.00885 | CVE-2022-2087
06/15/2022 | $0-$5k | $0-$5k | SourceCodester Bank Management System login.php sql injection | Proof-of-Concept | - | 0.03 | 0.00885 | CVE-2022-2086
06/14/2022 | $0-$5k | $0-$5k | Church Management System Avatar Image uploads unrestricted upload | Proof-of-Concept | Python | 0.02 | 0.00885 | CVE-2021-41661
06/14/2022 | $0-$5k | $0-$5k | Sourcecodester South Gate Inn Online Reservation System File editImg sql injection | Proof-of-Concept | Python | 0.04 | 0.01424 | CVE-2021-41662
06/11/2022 | $0-$5k | $0-$5k | git-promise command injection | Proof-of-Concept | - | 0.00 | 0.02055 | CVE-2022-24376
06/11/2022 | $0-$5k | $0-$5k | Netwave IP Camera Network Configuration kcore information disclosure | Proof-of-Concept | Python | 0.04 | 0.12492 | CVE-2018-17240
06/11/2022 | $0-$5k | $0-$5k | IdeaLMS sql injection | Proof-of-Concept | - | 0.03 | 0.00885 | CVE-2022-31788
06/09/2022 | $0-$5k | $0-$5k | Firejail User Namespace join.c access control | Proof-of-Concept | - | 0.04 | 0.01365 | CVE-2022-31214
06/09/2022 | $0-$5k | $0-$5k | Vapor Request Body buffer overflow | Proof-of-Concept | - | 0.09 | 0.00885 | CVE-2022-31019
06/09/2022 | $0-$5k | $0-$5k | Razer Sila Gaming Router file inclusion | Proof-of-Concept | - | 0.00 | 0.00954 | CVE-2022-29014
06/09/2022 | $0-$5k | $0-$5k | Razer Sila Gaming Router POST Request command injection | Proof-of-Concept | - | 0.00 | 0.02211 | CVE-2022-29013
06/07/2022 | $0-$5k | $0-$5k | Trojan-Banker.Win32.Banbra.cyt permission | Proof-of-Concept | - | 0.04 | 0.00000 | -
06/07/2022 | $0-$5k | $0-$5k | Trojan-Banker.Win32.Banker.agzg permission | Proof-of-Concept | - | 0.07 | 0.00000 | -
06/07/2022 | $0-$5k | $0-$5k | Ransom.Haron VERSION.dll uncontrolled search path | Proof-of-Concept | - | 0.00 | 0.00000 | -
06/07/2022 | $0-$5k | $0-$5k | Backdoor.Win32.Cabrotor.10.d Service Port 1243 backdoor | Proof-of-Concept | - | 0.03 | 0.00000 | -
06/07/2022 | $0-$5k | $0-$5k | Trojan-Proxy.Win32.Symbab.o Service Port 8080 heap-based overflow | Proof-of-Concept | - | 0.04 | 0.00000 | -
06/07/2022 | $0-$5k | $0-$5k | SourceCodester Prison Management System System Name cross site scripting | Proof-of-Concept | - | 0.06 | 0.00885 | CVE-2022-2020
06/07/2022 | $0-$5k | $0-$5k | SourceCodester Prison Management System New User Creation improper authorization | Proof-of-Concept | - | 0.07 | 0.00885 | CVE-2022-2019
06/07/2022 | $0-$5k | $0-$5k | SourceCodester Prison Management System Inmate sql injection | Proof-of-Concept | - | 0.14 | 0.00885 | CVE-2022-2018
06/07/2022 | $0-$5k | $0-$5k | SourceCodester Prison Management System Visit view_visit.php sql injection | Proof-of-Concept | - | 0.05 | 0.00885 | CVE-2022-2017
06/04/2022 | $25k-$100k | $0-$5k | Atlassian Confluence Server/Data Center OGNL injection | High | Python | 0.06 | 0.86384 | CVE-2022-26134
06/03/2022 | $0-$5k | $0-$5k | Fast Food Ordering System Master List Master.php cross site scripting | Proof-of-Concept | - | 0.04 | 0.00885 | CVE-2022-1991
06/03/2022 | $0-$5k | $0-$5k | Keep My Notes access control | Proof-of-Concept | - | 0.05 | 0.00885 | CVE-2022-1716
06/03/2022 | $0-$5k | $0-$5k | cURL Name name resolution | Proof-of-Concept | - | 0.00 | 0.01018 | CVE-2022-27778

3 more entries are not shown