CVE-2022-23043
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23043
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-23043.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-23043
- Aliases
- Published
- 2022-02-24T15:15:28Z
- Modified
- 2025-01-14T10:47:09.147348Z
- Severity
-
- 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.
- References
Affected packages
Git / github.com/tribalsystems/zenario
Affected ranges
- Type
- GIT
- Repo
- https://github.com/tribalsystems/zenario
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
7.*
7.0.2e
7.0.3a
7.0.4b
7.0.5b
7.0.5c
7.0.6a
7.0.6b
7.0.7a
7.0.7b
7.0.7c
7.0.7d
7.0.7e
7.1.0
7.1.1
7.1.2
7.2.0
7.2.1
7.2.2
7.2.3
7.3.0
7.4.0
7.4.1
7.4.2
7.4.3
7.4.4
7.5.0
7.5.40440
7.5.41006
7.5.41499
7.6.41504
7.6.41633
7.6.42085
7.7.42682
7.7.42963
7.7.42990
7.7.44223
8.*
8.0.44237
8.0.44273
8.0.44294
8.0.44521
8.0.45032
8.0.45250
8.0.45529
8.1.45530
8.1.45698
8.1.46089
8.1.46433
8.2.46436
8.2.46614
8.2.47180
8.2.47369
8.2.47992
8.3.47997
8.3.48583
8.3.50564
8.4.50565
8.5.50567
8.5.50837
8.5.51340
8.6.51342
8.7
8.8
8.8.53370
8.8.53725
8.9.54063
8.9.54149
8.9.54153
9.*
9.0.54156
9.0.55141
9.1.55143
9.1.55510
9.1.55619
9.2