CVE-2022-36667

CWE-434 — Unrestricted File Upload3 documents3 sources

Severity

8.8HIGH

EPSS

3.7%

top 12.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Garage Management System Project Garage Management System

Timeline

PublishedSep 14

Latest updateSep 15

Description

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDgarage_management_system_project/garage_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-42gm-5937-wx6g: Garage Management System 1↗2022-09-15

▶

CVEList

CVE-2022-36667: Garage Management System 1↗2022-09-14

▶