← Volver a CVEs
CVE-2022-36667
HIGH8.8
Descripcion
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.
Detalles CVE
Puntuacion CVSS v3.18.8
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado9/14/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
garage_management_system_project:garage_management_system
Debilidades (CWE)
CWE-434
Referencias
https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md(cve@mitre.org)
https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html(cve@mitre.org)
https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md(af854a3a-2127-422b-91ae-364da2661108)
https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.