Tribalsystems: >> Zenario >> 9.2 Security Vulnerabilities
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server.
CVSS Score
7.2
EPSS Score
0.008
Published
2022-02-24