# Proof of Concept for CVE-2022-36532

A vulnerability in Bolt CMS version 5.1.12 and below allows an authenticated user with the `EDITOR_ROLE` to achieve remote code execution. This script detects the vulnerability; for details on the vulnerability, see <>.
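To check whether an installation falls in the affected version range without logging in to it, the following added example (not part of this repository's script) reads a `composer.lock` file and compares the installed version against 5.1.12. It assumes Bolt is installed through Composer under the package name `bolt/core`; the sample lock content is constructed.

```python
import json
import re
import sys

# Assumption: Bolt 5 core is installed via Composer as "bolt/core".
PACKAGE = "bolt/core"
# From the text above: version 5.1.12 and below are affected.
LAST_AFFECTED = (5, 1, 12)

# Constructed sample, trimmed to the fields this check reads.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/console", "version": "v5.4.9"},
        {"name": "bolt/core", "version": "5.1.10"},
    ],
    "packages-dev": [],
})


def parse_version(text):
    """Return (major, minor, patch) from a Composer version string, or None."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None  # e.g. "dev-master": no number to compare
    return tuple(int(part or 0) for part in m.groups())


def check_lock(lock_text):
    """Classify a composer.lock as 'affected', 'outside-range', 'unknown' or 'absent'."""
    data = json.loads(lock_text)
    packages = data.get("packages", []) + data.get("packages-dev", [])
    for pkg in packages:
        if pkg.get("name") != PACKAGE:
            continue
        version = parse_version(pkg.get("version", ""))
        if version is None:
            return "unknown"  # branch alias or unparsable tag: inspect by hand
        return "affected" if version <= LAST_AFFECTED else "outside-range"
    return "absent"


if __name__ == "__main__":
    # Usage: python check_bolt_lock.py path/to/composer.lock
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(check_lock(fh.read()))
    else:
        print(check_lock(SAMPLE_LOCK))
```

A result of `unknown` means the lock file pins a development branch, so the installed commit has to be checked by hand.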

## Usage

Three parameters are needed to run the script: the username, the corresponding password, and the Bolt CMS instance URL.
To test an instance at `` with the credentials `jsmith:password`, use the following command:

```
./ jsmith password ""
```
