CVE-2022-34919

CRITICAL

Zengenti Contensis < 15.2.1.79 - Unauthenticated Remote Code Execution via File Upload Wizard

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-34919. PoCs published by ahajnik.

AI-analyzed exploit summary This repository provides a detailed technical writeup for CVE-2022-34919, an unauthenticated arbitrary file upload vulnerability in Contensis CMS. It includes step-by-step exploitation details, HTTP request formats, and screenshots demonstrating the attack chain.

Description

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.

Exploits (1)

nomisec WRITEUP

by ahajnik · poc

https://github.com/ahajnik/CVE-2022-34919

View Code ZIP pw:eip

This repository provides a detailed technical writeup for CVE-2022-34919, an unauthenticated arbitrary file upload vulnerability in Contensis CMS. It includes step-by-step exploitation details, HTTP request formats, and screenshots demonstrating the attack chain.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Contensis CMS < 15.2.1.79

No auth needed

Prerequisites: Access to the target Contensis CMS instance · Network connectivity to the REST API endpoints

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Product x_refsource_misc

https://www.zengenti.com/

Exploit, Third Party Advisory x_refsource_misc

https://github.com/ahajnik/CVE-2022-34919

Scores

CVSS v3 9.8

EPSS 0.0135

EPSS Percentile 67.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (1)

zengenti/contensis < 15.2.1.79

Published Aug 23, 2022

Tracked Since Feb 18, 2026