4 matches found
CVE-2022-36066
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...
CVE-2022-36066
creationtimestamp| type| source ---|---|--- 2022-09-30 00:35:20+00:00| seen| https://t.me/cibsecurity/50742 2026-06-29 20:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mphc2el65r2x...
CVE-2022-36066
CVE-2022-36066 affects Discourse prior to versions 2.8.9 (stable) and 2.9.0.beta10 (beta/tests-passed). The flaw lets admins upload a malicious Zip or Gzip Tar archive that writes files at arbitrary locations, enabling remote code execution. Root cause is improper validation of uploaded files, al...
CVE-2022-36066 Discourse vulnerable to RCE via admins uploading maliciously zipped file
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...