Closed
Description
Summary
Hi team,
I found a high-severity file upload to RCE.
Info
Zenario CMS 9.0.54156 last version
Firefox 92.0.1 (64-bit)

Steps
- Log in to account http://xxx.xxx.x.x/admin.php?cID=1&cType=html
- Click Edit document metadata >> use Burp Suite to capture >> save

Impact:
An attacker could upload a dangerous executable file like a virus, malware, etc.
The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.




