This issue was discovered and reported by Dawid Golunski from Fortinet. The Zenario CMS is a content management system with a focus on community publishing. It is used by a lot of different companies and organizations. Some of them are listed below. Zenmio CMS is used by the following companies: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are
Zenmio CMS
- Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products
-Zenmio is used by these companies
A blog post on this issue found on www.dawidgolunski.com
The following software solutions are used by Zenmio:
- Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are:
- ZEMIO, LLC
- ZEMIO, LLC
- ZENMIIO, LLC
- ZENMIIO, LLC
Zenmio CMS Vulnerabilities
1) When an administrator is trying to change the password, they are provided with a URL that they must type in. By typing this URL, the user will be authenticated and therefore able to access the CMS without being logged in.
2) A vulnerability in the plugin which allows users to delete accounts is present due to a lack of validation on input. If a user visits a page displaying the “Delete Account” button, then entering a valid email address into that field and clicking “Submit” will cause their account to be deleted.
3) Allowing remote code execution through PHP code injection
4) Compromised data
5) XSS vulnerabilities
Zenmio CMS Vulnerability CVE-2022-4231
The vulnerability was discovered and reported by Dawid Golunski from Fortinet. The vulnerability allows the attacker to execute arbitrary commands on the affected system due to insufficient input validation. An attacker may leverage this vulnerability to execute commands on the system that would otherwise be denied access or possibly cause a denial of service condition as well. This issue affects a lot of different systems so it's important for everyone using Zenmio CMS to update their software ASAP.
Timeline
Published on: 11/30/2022 12:15:00 UTC
Last modified on: 12/06/2022 16:46:00 UTC