Zenario CMS 9.2 - Insecure file upload (RCE)

Summary

Name: Zenario CMS 9.2 - Insecure file upload (RCE)
Code name: Simone
Product: Zenario CMS
Affected versions: 9.2
State: Unpublished/Contacted Vendor

Vulnerability

Kind: Insecure file upload (RCE)
Rule: 027. Insecure file upload
Remote: Yes
CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSSv3 Base Score: 9.1
Exploit available: No
CVE ID(s): CVE-2022-23043

Description

This information will be released later according to our Responsible Disclosure Policy.

Proof of Concept

This information will be released later according to our Responsible Disclosure Policy.

Exploit

This information will be released later according to our Responsible Disclosure Policy.

Mitigation

This information will be released later according to our Responsible Disclosure Policy.

Credits

The vulnerability was discovered by Oscar Uribe from the Offensive Team of Fluid Attacks.

References

Vendor page: https://zenar.io/

Timeline

  • 2022-01-13: Vulnerability discovered.

  • 2022-01-13: Vendor contacted.