Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-36532 PoC — Bolt Financial Bolt CMS 安全漏洞

Source
https://github.com/lutrasecurity/CVE-2022-36532
Associated Vulnerability
Title:Bolt Financial Bolt CMS 安全漏洞 (CVE-2022-36532)
Description:Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.
Description
Proof of concept for CVE-2022-36532: RCE via File Upload in Bolt CMS 5.1.12 and below.
Readme
# Proof of Concept for CVE-2022-36532

A vulnerability in Bolt CMS version 5.1.12 and below allows an authenticated user with the `EDITOR_ROLE` to achieve remote code execution. This vulnerability can be detected using this script, for details on the vulnerability see <https://lutrasecurity.com/en/articles/cve-2022-36532/>.

## Usage

Three parameters are needed to run the script: The username, the corresponding password and the Bolt CMS instance URL.
To test an instance at `http://127.0.0.1:8000/` with the credentials `jsmith:password` use the following command:

```bash
./CVE-2022-36532.py jsmith password "http://127.0.0.1:8000/"
```

For example:

![CVE-2022-36532 py](https://user-images.githubusercontent.com/29411434/188486959-d385d80e-4db7-4072-b804-643a893a6d1a.png)
File Snapshot

 [4.0K]  /data/pocs/5e2b803ed7c5938d2bad319e5d8df41c39ada918
├── [3.2K]  CVE-2022-36532.py
└── [ 783]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →