Security Advisory

CVE-2022-23043

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-22 18:21:02

Last updated 2024-08-03 03:28:43

Assigner Fluid Attacks

State PUBLISHED

Description

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new File/MIME Types using the .phar extension. Then an attacker can upload a malicious file, intercept the request and change the extension to .phar in order to run commands on the server.

← Browse all CVEs View on cve.org ↗