CVE-2021-42171 – tribalsystems/zenario

Package

Manager: composer
Name: tribalsystems/zenario
Vulnerable Version: >=0 <9.0.55143

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.17813 pctl0.94878

Details

Unrestricted Upload of File with Dangerous Type in Zenario CMS Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.

Metadata

Created: 2022-03-15T00:00:58Z
Modified: 2022-03-28T22:21:50Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-rgg3-3wh7-w935/GHSA-rgg3-3wh7-w935.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-rgg3-3wh7-w935
Finding: F027
Auto approve: 1