{"id":"CVE-2022-32994","details":"Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.","modified":"2026-07-08T06:01:17.221903048Z","published":"2022-06-27T22:15:38Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/32xxx/CVE-2022-32994.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/32xxx/CVE-2022-32994.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-32994"},{"type":"REPORT","url":"https://github.com/zongdeiqianxing/cve-reports/issues/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/halo-dev/halo","events":[{"introduced":"2e8ecd649996e0244dc10516eb99d275d122bc1f"},{"last_affected":"2e8ecd649996e0244dc10516eb99d275d122bc1f"}],"database_specific":{"cpe":"cpe:2.3:a:halo:halo:1.5.3:*:*:*:*:*:*:*","source":"CPE_STRING","extracted_events":[{"introduced":"1.5.3"},{"last_affected":"1.5.3"}]}}],"versions":["1.5.3","v1.5.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32994.json"}}],"schema_version":"1.7.5"}