exploitDog

CVE-2022-36532

Опубликовано: 16 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Средний

Описание

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

Ссылки

http://bolt.com
Product
https://lutrasecurity.com/en/articles/cve-2022-36532/
Exploit
Third Party Advisory
http://bolt.com
Product
https://lutrasecurity.com/en/articles/cve-2022-36532/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:bolt:bolt_cms:*:*:*:*:*:*:*:*

Версия до 5.1.12 (включая)

EPSS

Процентиль: 96%

0.24794

Средний

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-hmmj-pppq-vw96

CVSS3: 8.8

github

больше 3 лет назад

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

EPSS

Процентиль: 96%

0.24794

Средний

8.8 High

CVSS3

Дефекты

NVD-CWE-noinfo