Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 10:47 p.m.6 views

CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1CVSS7.6AI score0.01574EPSS
Exploits0
Circl
Circl
added 2022/09/30 12:35 a.m.4 views

CVE-2022-36066

creationtimestamp| type| source ---|---|--- 2022-09-30 00:35:20+00:00| seen| https://t.me/cibsecurity/50742 2026-06-29 20:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mphc2el65r2x...

9.1CVSS7AI score0.01574EPSS
Exploits0References2
CVE
CVE
added 2022/09/29 7:35 p.m.82 views

CVE-2022-36066

CVE-2022-36066 affects Discourse prior to versions 2.8.9 (stable) and 2.9.0.beta10 (beta/tests-passed). The flaw lets admins upload a malicious Zip or Gzip Tar archive that writes files at arbitrary locations, enabling remote code execution. Root cause is improper validation of uploaded files, al...

9.1CVSS7.9AI score0.01574EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/29 7:35 p.m.5 views

CVE-2022-36066 Discourse vulnerable to RCE via admins uploading maliciously zipped file

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...

9.1CVSS9.5AI score0.01574EPSS
Exploits0References3
Rows per page
Query Builder