CVE-2022-23043

Name of the Vulnerable Software and Affected Versions Zenario CMS version 9.2

Description The issue allows an authenticated admin user to bypass file upload restrictions. By creating a new 'File/MIME Types' using the '.phar' extension, an attacker can then upload a malicious file. The attacker can intercept the request and change the extension to '.phar', enabling them to run commands on the server.

Recommendations For Zenario CMS version 9.2, consider restricting the ability to create new 'File/MIME Types' or limiting the use of the '.phar' extension to prevent malicious file uploads. As a temporary workaround, restrict access to the file upload feature for authenticated admin users until a proper fix is applied.