Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zenario CMS 代码问题漏洞
Vulnerability Description
Zenario CMS是Zenario开源的一个应用软件。提供一个基于Web的内容管理系统。 Zenario CMS 9.2 存在安全漏洞,该漏洞允许一个通过认证的管理员用户利用.phar 扩展创建一个新的File/MIME Types来绕过文件上传限制。从而,攻击者可利用该漏洞上传恶意文件,拦截请求,并将扩展名更改为.phar ,以便在服务器上运行命令。
CVSS Information
N/A
Vulnerability Type
N/A