An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution.
References
Link | Resource |
---|---|
https://gist.github.com/Threonic/e90c85e11e1ac925ff57783988779e76 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2022-12-05 22:15
Updated : 2024-02-28 19:51
NVD link : CVE-2022-45912
Mitre link : CVE-2022-45912
CVE.ORG link : CVE-2022-45912
JSON object : View
Products Affected
zimbra
- collaboration
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type