Description
Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and earlier allows remote attackers to bypass intended access restrictions and upload and execute arbitrary files by uploading an avatar file with an accepted Content-Type such as image/jpeg.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by KiNgOfThEwOrLd · text · webapps · php
https://www.exploit-db.com/exploits/4864
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/0801-exploits/zerocms-sql.txt
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4864
Scores
EPSS
0.0219
EPSS Percentile
84.5%
Details
CWE
CWE-264
Status
published
Products (1)
zero_cms/zero_cms
1.0_alpha
Published
Jan 11, 2008
Tracked Since
Feb 18, 2026