PT-2022-25623 · Unknown · Zoo Management System

Tmoontadmind · Published 2022-09-26 · Updated 2023-11-14 · CVE-2022-40925

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Zoo Management System version 1.0

Description

An arbitrary file upload vulnerability exists in the picture upload point of the "save event" file, which is part of the "Events" module in the background management system.

Recommendations

For Zoo Management System version 1.0, consider disabling the picture upload functionality in the "save event" file of the "Events" module until a patch is available. Restrict access to the "save event" file to minimize the risk of exploitation. Avoid using the picture upload point in the "Events" module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2022-40925

Affected Products

Zoo Management System