CVE-2022-34919

CRITICAL

Zengenti Contensis < 15.2.1.79 - Authentication Bypass

Title source: rule

Description

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.

Exploits (1)

nomisec WRITEUP

by ahajnik · poc

https://github.com/ahajnik/CVE-2022-34919

View Code ZIP pw:eip

References (2)

[Product] https://www.zengenti.com/

[Exploit, Third Party Advisory] https://github.com/ahajnik/CVE-2022-34919

Scores

CVSS v3 9.8

EPSS 0.0133

EPSS Percentile 80.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

zengenti/contensis < 15.2.1.79

Published Aug 23, 2022

Tracked Since Feb 18, 2026