CVE-2022-36532

Published: Sep 16, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

Affected (1)

Products: Bolt: Bolt Cms

Bolt

1 product

Bolt Cms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bolt Bolt Cms	Up to 5.1.12

References (4)

http://bolt.com

Source: cve@mitre.org

Product

https://lutrasecurity.com/en/articles/cve-2022-36532/

Source: cve@mitre.org

ExploitThird Party Advisory

http://bolt.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

https://lutrasecurity.com/en/articles/cve-2022-36532/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.