PT-2026-8017 · Unknown · Mojoportal Cms
Published
2026-02-13
·
Updated
2026-02-18
·
CVE-2025-69770
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MojoPortal CMS version 2.9.0.1
Description
A zip slip vulnerability exists in the
/DesignTools/SkinList.aspx API endpoint of the software. This allows attackers to execute arbitrary commands by uploading a specially crafted zip file. The zip file is processed without sufficient security checks, potentially leading to unintended file extraction and code execution. The vulnerable parameter is the uploaded zip file.Recommendations
Apply updates to address the zip slip vulnerability in the
/DesignTools/SkinList.aspx endpoint.Fix
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mojoportal Cms