CVE-2022-36532

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-36532

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36532.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-36532

Withdrawn

2025-02-17T03:50:14.937202Z

Published

2022-09-16T03:15:09Z

Modified

2025-01-14T11:05:35.838395Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

References

Affected packages

Git / github.com/bolt/core

Affected ranges

Type: GIT
Repo: https://github.com/bolt/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1dfe9d8820799ac698877c94eb8c572510c9ddca

Affected versions

1.*

1.0.0-alpha1

4.*

4.0.0

4.0.0-alpha3

4.0.0-beta.1

4.0.0-beta.1.1

4.0.0-beta.1.2

4.0.0-beta.1.3

4.0.0-beta.1.4

4.0.0-beta.1.5

4.0.0-beta.1.6

4.0.0-beta.1.7

4.0.0-beta.1.8

4.0.0-beta.2

4.0.0-beta.2.1

4.0.0-beta.2.10

4.0.0-beta.2.2

4.0.0-beta.2.3

4.0.0-beta.2.4

4.0.0-beta.2.5

4.0.0-beta.2.6

4.0.0-beta.2.7

4.0.0-beta.2.8

4.0.0-beta.2.9

4.0.0-beta.3

4.0.0-beta.3.1

4.0.0-beta.3.2

4.0.0-beta.3.3

4.0.0-beta.3.4

4.0.0-beta.3.5

4.0.0-beta.3.6

4.0.0-beta.3.7

4.0.0-beta.3.8

4.0.0-beta.4

4.0.0-beta.4.1

4.0.0-beta.4.2

4.0.0-beta.4.3

4.0.0-beta.4.4

4.0.0-beta.4.5

4.0.0-beta.4.6

4.0.0-beta.5

4.0.0-beta.5.1

4.0.0-beta.5.2

4.0.0-beta.5.3

4.0.0-beta.5.4

4.0.0-beta.5.5

4.0.0-beta.5.6

4.0.0-beta.5.7

4.0.0-beta.5.8

4.0.0-beta.5.9

4.0.0-rc.1

4.0.0-rc.10

4.0.0-rc.11

4.0.0-rc.12

4.0.0-rc.13

4.0.0-rc.14

4.0.0-rc.15

4.0.0-rc.16

4.0.0-rc.17

4.0.0-rc.18

4.0.0-rc.19

4.0.0-rc.2

4.0.0-rc.20

4.0.0-rc.21

4.0.0-rc.22

4.0.0-rc.23

4.0.0-rc.24

4.0.0-rc.25

4.0.0-rc.26

4.0.0-rc.27

4.0.0-rc.28

4.0.0-rc.29

4.0.0-rc.3

4.0.0-rc.31

4.0.0-rc.32

4.0.0-rc.33

4.0.0-rc.34

4.0.0-rc.35

4.0.0-rc.37

4.0.0-rc.39

4.0.0-rc.4

4.0.0-rc.40

4.0.0-rc.41

4.0.0-rc.42

4.0.0-rc.43

4.0.0-rc.44

4.0.0-rc.5

4.0.0-rc.6

4.0.0-rc.7

4.0.0-rc.8

4.0.0-rc.9

4.0.1

4.1.0

4.1.10

4.1.11

4.1.12

4.1.13

4.1.14

4.1.15

4.1.16

4.1.17

4.1.18

4.1.19

4.1.2

4.1.20

4.1.21

4.1.21.1

4.1.22

4.1.23

4.1.3

4.1.4

4.1.5

4.1.6

4.1.7

4.1.7.1

4.1.8

4.1.9

4.2.0

4.2.0-beta.10

4.2.0-beta.11

4.2.0-beta.12

4.2.0-beta.13

4.2.0-beta.14

4.2.0-beta.2

4.2.0-beta.3

4.2.0-beta.4

4.2.0-beta.5

4.2.0-beta.6

4.2.0-beta.7

4.2.0-beta.7.1

4.2.0-beta.7.2

4.2.0-beta.8

4.2.0-beta.8.1

4.2.0-beta.8.2

4.2.0-beta.8.3

4.2.0-beta.9

4.2.0-rc.1

4.2.1

4.2.2

4.2.4

5.*

5.0.0

5.0.0-beta.1

5.0.0-beta.1.1

5.0.0-beta.1.2

5.0.0-beta.1.3

5.0.0-beta.10

5.0.0-beta.12

5.0.0-beta.13

5.0.0-beta.14

5.0.0-beta.2

5.0.0-beta.3

5.0.0-beta.4

5.0.0-beta.5

5.0.0-beta.6

5.0.0-beta.6.1

5.0.0-beta.7

5.0.0-beta.8

5.0.0-beta.9

5.0.0-rc.1

5.0.0-rc.2

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.1.0

5.1.0-beta.1

5.1.0-beta.2

5.1.0-beta.3

5.1.1

5.1.10

5.1.11

5.1.12

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.1.7

5.1.7-pl.1

5.1.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36532.json"