Saturday, February 27, 2021

Zenphoto CMS 1.5.7 Shell Upload

            Authenticated arbitrary file upload to RCE

Product : Zenphoto
Affected : Zenphoto CMS - <= 1.5.7
Attack Type : Remote

login then go to plugins then go to uploader and press on the check box elFinder
then press apply , after that you go to upload then Files(elFinder) drag and drop
any malicious php code after that go to /uploaded/ and you're php code

Zenphoto through 1.5.7 is affected by authenticated arbitrary file
upload, leading to remote code execution. The attacker must navigate to
the uploader plugin, check the elFinder box, and then drag and drop
files into the Files(elFinder) portion of the UI. This can, for
example, place a .php file in the server's uploaded/ directory.


Abdulaziz Almisfer


Copyright © 2021 Vulnerability Database | Cyber Details™

thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore