CVE-2022-36667

Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md	Exploit Third Party Advisory
https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html	Product
https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md	Exploit Third Party Advisory
https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:garage_management_system_project:garage_management_system:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-09-14 11:15

Updated : 2024-11-21 07:13

NVD link : CVE-2022-36667

Mitre link : CVE-2022-36667

CVE.ORG link : CVE-2022-36667

JSON object : View

Products Affected

garage_management_system_project

garage_management_system

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2022-36667", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2022-09-14T11:15:49.723", "references": [{"url": "https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE."}, {"lang": "es", "value": "Garage Management System versi\u00f3n 1.0, es vulnerable a una Ejecuci\u00f3n de C\u00f3digo Remota (RCE) debido a una falta de filtrado de la funci\u00f3n file upload. La vulnerabilidad se presenta durante la adici\u00f3n de partes y desde la funci\u00f3n de carga, el atacante puede cargar PHP Reverse Shell directamente para ganar RCE"}], "lastModified": "2024-11-21T07:13:28.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:garage_management_system_project:garage_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3922B2E-1825-4D33-B6A7-6C04A3E7842E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}