CVE-2022-36667

Vulnerability

Garage Management System version 1.0, available from SourceCodester [1], contains a remote code execution vulnerability in the file upload function used when adding parts. The application fails to validate or filter uploaded files, allowing an attacker to upload arbitrary PHP scripts. The vulnerability exists in the "Add Parts" feature, where the file upload field does not restrict file types [2].

Exploitation

An attacker with access to the parts management interface (typically an authenticated user) can exploit this by navigating to Parts > Add Parts and uploading a PHP reverse shell or other malicious PHP file. The uploaded file is stored on the server and can be accessed directly, leading to code execution. No additional authentication bypass is required beyond the normal application login [2].

Impact

Successful exploitation allows the attacker to execute arbitrary PHP code on the web server, resulting in full remote code execution. This can lead to complete compromise of the application and server, including data theft, modification, or further lateral movement within the network.

Mitigation

As of the publication date, no official patch has been released by the vendor. Users are advised to restrict access to the application, implement additional file upload validation (e.g., using a web application firewall), or disable the file upload functionality if not required. The software may be end-of-life; consider migrating to a supported alternative.