WARNING! Fake news / Uwaga! Nota nieprawdziwa

Zenphoto CMS 1.5.7 Shell Upload

2021.02.28
Risk: High
Local: No
Remote: Yes
CWE: CWE-264


Ogólna skala CVSS: 6.5/10
Znaczenie: 6.4/10
Łatwość wykorzystania: 8/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Jednorazowa
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Częściowy

Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - <= 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then Files(elFinder) drag and drop any malicious php code after that go to /uploaded/ and you're php code -------------------------------------------------------------------------------------------- Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the Files(elFinder) portion of the UI. This can, for example, place a .php file in the server's uploaded/ directory. [Reference] https://www.linkedin.com/in/abdulaziz-almisfer-22a7861ab/ https://twitter.com/3almisfer https://github.com/azizalshammari/ ------------------------------------------ [Discoverer] Abdulaziz Almisfer CVE-2020-36079


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top