CVE Catalog
CVE-2026-36722
MediumCVSS 5.4Exploitation Probability (EPSS)
Low risk0.03%
11th percentile - higher than 11% of all known CVEs
Summary
An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.
Risk Assessment
This vulnerability could lead to remote code execution, posing a serious threat to the security of the system and user data.
Recommendation
It is recommended to implement strict controls on uploaded files and to update to the latest version of the software to minimize risk.
Original NVD description (English source)
An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.

