Headline

CVE-2021-42171: Upload file to RCE in Zenario CMS 9.0.54156 · Issue #2 · hieuminhnv/Zenario-CMS-9.0-last-version

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.

2 years ago

CVE

Open in Source

#vulnerability #web #php #rce #firefox

Summary
hi team,
I found high Upload file to RCE.

Info
Zenario CMS 9.0.54156 last version
FireFox 92.0.1 (64-bit)

Steps

Login to account http://xxx.xxx.x.x/admin.php?cID=1&cType=html
Choose Documents >> Upload documents
Use burpsuite and capture request file a.html
Click Edit document metadata >> use burpsuite to capture >> save
In value current_value, edit value html to php
Click Actions >> view public link

7.Copy link to URL >> BOOM

Inpact :
An attacker could upload a dangerous executable file like a virus, malware, etc…
The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

10 months ago

10 months ago

10 months ago

10 months ago

10 months ago