Lucene search

K
packetstormAbdulaziz AlmisferPACKETSTORM:161569
HistoryFeb 26, 2021 - 12:00 a.m.

Zenphoto CMS 1.5.7 Shell Upload

2021-02-2600:00:00
Abdulaziz Almisfer
packetstormsecurity.com
312
` Authenticated arbitrary file upload to RCE  
  
Product : Zenphoto   
Affected : Zenphoto CMS - <= 1.5.7  
Attack Type : Remote  
  
login then go to plugins then go to uploader and press on the check box elFinder  
then press apply , after that you go to upload then Files(elFinder) drag and drop  
any malicious php code after that go to /uploaded/ and you're php code  
  
--------------------------------------------------------------------------------------------  
Zenphoto through 1.5.7 is affected by authenticated arbitrary file  
upload, leading to remote code execution. The attacker must navigate to  
the uploader plugin, check the elFinder box, and then drag and drop  
files into the Files(elFinder) portion of the UI. This can, for  
example, place a .php file in the server's uploaded/ directory.  
  
[Reference]  
https://www.linkedin.com/in/abdulaziz-almisfer-22a7861ab/   
https://twitter.com/3almisfer  
https://github.com/azizalshammari/  
  
------------------------------------------  
[Discoverer]  
Abdulaziz Almisfer  
  
CVE-2020-36079  
`
Related for PACKETSTORM:161569