PT-2019-14244 · Csz · Csz Cms

Published: 2019-08-26 · Updated: 2019-08-30 · CVE-2019-15524

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CSZ CMS version 1.2.3

Description

The issue allows for arbitrary file upload, which can be exploited by uploading a .php file to the "admin/filemanager" endpoint in the File Management Module. This can lead to remote code execution when visiting a "photo/upload/2019/" URI.

Recommendations

For CSZ CMS version 1.2.3, consider disabling the File Management Module or restricting access to the "admin/filemanager" endpoint until a fix is available. Additionally, avoid using the File Management Module to upload files, especially .php files, to prevent remote code execution.
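
An added example, not part of the original advisory or of CSZ CMS: a log check for the two request patterns the description names, a POST to "admin/filemanager" and a request for a script under "photo/upload/". It generalizes from the "2019/" directory to any path below "photo/upload/"; the combined log format, the extension list, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_ENDPOINT = "admin/filemanager"  # endpoint named in the advisory
UPLOAD_DIR = "photo/upload/"           # directory named in the advisory
# Assumption: extensions commonly mapped to the PHP handler; match your server config.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '192.0.2.10 - - [26/Aug/2019:10:00:01 +0000] "POST /admin/filemanager HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [26/Aug/2019:10:00:09 +0000] "GET /photo/upload/2019/example.php HTTP/1.1" 200 40 "-" "-"',
    '198.51.100.7 - - [26/Aug/2019:10:01:00 +0000] "GET /photo/upload/2019/cat.jpg HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.7 - - [26/Aug/2019:10:02:00 +0000] "GET /photo/upload/2019/%65xample.PHP HTTP/1.1" 404 10 "-" "-"',
]


def classify(line):
    """Return (ip, kind, path, status) for a line of interest, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding and drop the query string before matching.
    path = unquote(urlsplit(m["target"]).path)
    if m["method"] == "POST" and UPLOAD_ENDPOINT in path:
        return m["ip"], "upload", path, int(m["status"])
    if UPLOAD_DIR in path and PHP_EXT.search(path):
        return m["ip"], "php_in_upload_dir", path, int(m["status"])
    return None


def scan(lines):
    """List findings; 'correlated' marks a script request from an IP that POSTed earlier."""
    uploaders, findings = set(), []
    for line in lines:
        hit = classify(line)
        if not hit:
            continue
        ip, kind, path, status = hit
        if kind == "upload":
            uploaders.add(ip)
        findings.append({"ip": ip, "kind": kind, "path": path, "status": status,
                         "correlated": kind == "php_in_upload_dir" and ip in uploaders})
    return findings
```

A correlated finding with a 200 status is the one to triage first: the script was served to the same client that had just used the file manager.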

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2019-15524

Affected Products

Csz Cms