Security Advisory

CVE-2022-23048

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-09 22:03:58

Last updated 2024-08-03 03:28:43

Assigner Fluid Attacks

State PUBLISHED

Description

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/{rce}.php" from where can be accessed in order to execute commands.

← Browse all CVEs View on cve.org ↗