PT-2019-14244 · Csz · Csz Cms

Publicado

2019-08-26

Atualizado

2019-08-30

CVE-2019-15524

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.3

Description The issue allows for arbitrary file upload, which can be exploited by uploading a .php file to the "admin/filemanager" endpoint in the File Management Module. This can lead to remote code execution when visiting a "photo/upload/2019/" URI.

Recommendations For CSZ CMS version 1.2.3, consider disabling the File Management Module or restricting access to the "admin/filemanager" endpoint until a fix is available. Additionally, avoid using the File Management Module to upload files, especially .php files, to prevent remote code execution.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-434

Identificadores relacionados

CVE-2019-15524

Produtos afetados

Csz Cms

PT-2019-14244 · Csz · Csz Cms

CVE-2019-15524

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4