CVE-2021-42171
Published 2022-03-14
Priority P3 · 46 · high · 7.2 (CVSS 3.1)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.48% (82.6th percentile)
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tribalsystems | zenario | — | — |
| tribalsystems | zenario | >= 0 < 9.0.55143 | 9.0.55143 |
CVSS provenance
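| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |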
OSV
Unrestricted Upload of File with Dangerous Type in Zenario CMS
osv·2022-03-15
CVE-2021-42171 [CRITICAL] Unrestricted Upload of File with Dangerous Type in Zenario CMS
GHSA
Unrestricted Upload of File with Dangerous Type in Zenario CMS
ghsa·2022-03-15
CVE-2021-42171 [CRITICAL] CWE-434 Unrestricted Upload of File with Dangerous Type in Zenario CMS
http://packetstormsecurity.com/files/166617/Zenario-CMS-9.0.54156-Remote-Code-Execution.html
https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/2
https://minhnq22.medium.com/file-upload-to-rce-on-zenario-9-0-54156-cms-fa05fcc6cf74