Zenphoto CMS 1.5.7 Shell Upload

WARNING! Fake news / Disputed / BOGUS

Zenphoto CMS 1.5.7 Shell Upload

2021.02.28

Credit: Abdulaziz Almisfer

Risk: High

Local: No

Remote: Yes

CVE: CVE-2020-36079

CWE: CWE-264

CVSS Base Score: 6.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8/10

Exploit range: Remote

Attack complexity: Low

Authentication: Single time

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

 Authenticated arbitrary file upload to RCE
Product : Zenphoto
Affected : Zenphoto CMS - <= 1.5.7
Attack Type : Remote
login then go to plugins then go to uploader and press on the check box elFinder
then press apply , after that you go to upload then Files(elFinder) drag and drop
any malicious php code after that go to /uploaded/ and you're php code
--------------------------------------------------------------------------------------------
Zenphoto through 1.5.7 is affected by authenticated arbitrary file
upload, leading to remote code execution. The attacker must navigate to
the uploader plugin, check the elFinder box, and then drag and drop
files into the Files(elFinder) portion of the UI. This can, for
example, place a .php file in the server's uploaded/ directory.
[Reference]
https://www.linkedin.com/in/abdulaziz-almisfer-22a7861ab/
https://twitter.com/3almisfer
https://github.com/azizalshammari/
------------------------------------------
[Discoverer]
Abdulaziz Almisfer
CVE-2020-36079

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Zenphoto CMS 1.5.7 Shell Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.