CVE-2022-36667: Malicious File Upload
First published: Wed Sep 14 2022(Updated: )
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Garage Management System Project Garage Management System | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-36667?
CVE-2022-36667 is a vulnerability in Garage Management System 1.0 that allows remote code execution (RCE) due to a lack of filtering in the file upload function.
How severe is CVE-2022-36667?
CVE-2022-36667 has a severity rating of 8.8, which is considered high.
What software is affected by CVE-2022-36667?
Garage Management System 1.0 is affected by CVE-2022-36667.
How can an attacker exploit CVE-2022-36667?
An attacker can exploit CVE-2022-36667 by uploading a PHP Reverse Shell through the file upload function, gaining remote code execution.
Is there a fix available for CVE-2022-36667?
Yes, a fix for CVE-2022-36667 is available and should be applied promptly to protect against the vulnerability.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/garage management system project
- canonical/garage management system project garage management system
- version/garage management system project garage management system/1.0