2022-02-22 18:21:02
Fluid Attacks
PUBLISHED
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new File/MIME Types using the .phar extension. Then an attacker can upload a malicious file, intercept the request and change the extension to .phar in order to run commands on the server.