CVE-2022-37042 PoC — Zimbra Collaboration Suite 路径遍历漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-37042.yaml

Associated Vulnerability

Title:Zimbra Collaboration Suite 路径遍历漏洞 (CVE-2022-37042)
Description:Zimbra Collaboration Suite（ZCS）是美国Zimbra的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite 8.8.15版本、9.0版本存在路径遍历漏洞。攻击者利用该漏洞可以将任意文件上传到系统，从而导致目录遍历和远程代码执行。

Description

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.

File Snapshot


 id: CVE-2022-37042

info:
  name: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
  au

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!