Arbitrary File Upload Vulnerability in CSZ CMS by CSZ
CVE-2019-15524

9.8CRITICAL

Key Information:

Vendor: Cszcms
Status: Csz Cms
Vendor: CVE Published:; 26 August 2019

What is CVE-2019-15524?

The CSZ CMS version 1.2.3 contains a vulnerability that permits arbitrary file uploads through the File Management Module. An attacker can exploit this weakness by uploading a malicious .php file via the admin/filemanager interface. This ultimately enables remote code execution by directly accessing the specified URI, such as photo/upload/2019/. To mitigate this vulnerability, it is crucial to apply security best practices and consider updating to the latest secure version of the product.

References

https://www.cszcms.com

x_refsource_MISC

https://pastebin.com/vbx4JWQh

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2019
Vulnerability Reserved
Aug 23, 2019

JSON

Cszcms

What is CVE-2019-15524?

References

CVSS V3.1

Timeline