First published: Wed Sep 14 2022(Updated: )
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Garage Management System Project Garage Management System | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-36667 is a vulnerability in Garage Management System 1.0 that allows remote code execution (RCE) due to a lack of filtering in the file upload function.
CVE-2022-36667 has a severity rating of 8.8, which is considered high.
Garage Management System 1.0 is affected by CVE-2022-36667.
An attacker can exploit CVE-2022-36667 by uploading a PHP Reverse Shell through the file upload function, gaining remote code execution.
Yes, a fix for CVE-2022-36667 is available and should be applied promptly to protect against the vulnerability.