Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1yZ2czLTN3aDctdzkzNc0ypw

Critical EPSS: 0.17088% (0.94613 Percentile) EPSS:
Permalink JSON

Unrestricted Upload of File with Dangerous Type in Zenario CMS

Affected Packages Affected Versions Fixed Versions
packagist:tribalsystems/zenario <= 9.0.54156 9.0.55143
1 Dependent packages
1 Dependent repositories
188 Downloads total

Affected Version Ranges

All affected versions

7.5.40440, 7.5.41006, 7.5.41499, 7.5.41633, 7.5.42085, 7.5.42990, 7.5.47180, 7.6.41504, 7.6.41633, 7.6.42085, 7.6.42990, 7.6.47180, 7.7.42682, 7.7.42963, 7.7.42990, 7.7.44223, 7.7.47180, 7.7.47369, 7.7.48583, 8.0.44237, 8.0.44273, 8.0.44294, 8.0.44521, 8.0.45032, 8.0.45250, 8.0.45529, 8.0.47180, 8.0.48583, 8.1.45530, 8.1.45698, 8.1.46089, 8.1.46433, 8.1.46615, 8.1.47180, 8.1.47369, 8.1.48583, 8.2.46436, 8.2.46614, 8.2.47180, 8.2.47369, 8.2.47992, 8.2.48583, 8.3.47997, 8.3.48583, 8.3.50564, 8.4.50565, 8.4.51340, 8.5.50567, 8.5.50837, 8.5.51340, 8.6.51342, 8.8.53370, 8.8.53725, 8.8.54063, 8.9.54063, 8.9.54149, 8.9.54153, 8.9.55141, 9.0.54156

All unaffected versions

9.0.55141, 9.0.57473, 9.1.55143, 9.1.55510, 9.1.55619, 9.1.57473, 9.2.55826, 9.2.57169, 9.2.57473, 9.3.57186, 9.3.57474, 9.3.57595, 9.3.57709, 9.3.57754, 9.3.58670, 9.4.58686, 9.4.59197, 9.4.59574, 9.4.60437, 9.5.59574, 9.5.59647, 9.5.60240, 9.5.60437, 9.5.60602, 9.6.60604, 9.6.60771, 9.6.61188, 9.7.61188, 9.7.63394, 10.1.63396

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.

References:

Identifiers

GHSA-rgg3-3wh7-w935

CVE-2021-42171

Risk

Severity

Critical

EPSS

EPSS Percentage: 0.17088

EPSS Percentile: 0.94613

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/hieuminhnv/Zenario-CMS-9.0-last-version

Date and time

Published

over 3 years ago

Updated

over 2 years ago

API

JSON