CVE-2022-23043

Summary

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.

Affected Software

VendorProductVersion RangeStatus
n/aZenario CMS9.2affected

Weaknesses

  • Insecure file upload (RCE)

ADP Enrichment

CVE Program Container

Additional References

References