CVE-2022-36532 PoC — Bolt Financial Bolt CMS Security Vulnerability

Source
Associated Vulnerability
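Title: Bolt Financial Bolt CMS Security Vulnerability (CVE-2022-36532)
Description: Bolt Financial Bolt CMS is an open-source, PHP-based content management system from Bolt Financial. Bolt Financial Bolt CMS version 5.1.12 contains a security vulnerability that stems from allowing authenticated users with the ROLE_EDITOR permission to upload and rename malicious files. An attacker can exploit this vulnerability to achieve remote code execution.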
Description
Proof of concept for CVE-2022-36532: RCE via File Upload in Bolt CMS 5.1.12 and below.
Readme
# Proof of Concept for CVE-2022-36532

A vulnerability in Bolt CMS version 5.1.12 and below allows an authenticated user with the `EDITOR_ROLE` to achieve remote code execution. This script can be used to detect the vulnerability. For details on the vulnerability, see <https://lutrasecurity.com/en/articles/cve-2022-36532/>.

## Usage

Three parameters are needed to run the script: the username, the corresponding password, and the Bolt CMS instance URL.
To test an instance at `http://127.0.0.1:8000/` with the credentials `jsmith:password`, use the following command:

```bash
./CVE-2022-36532.py jsmith password "http://127.0.0.1:8000/"
```

For example:

![CVE-2022-36532 py](https://user-images.githubusercontent.com/29411434/188486959-d385d80e-4db7-4072-b804-643a893a6d1a.png)
File Snapshot

[4.0K] /data/pocs/5e2b803ed7c5938d2bad319e5d8df41c39ada918
├── [3.2K] CVE-2022-36532.py
└── [ 783] README.md

0 directories, 2 files