CVE-2022-37042

This repository contains a functional Go-based exploit for CVE-2022-37042, which targets an authentication bypass in Zimbra Collaboration Suite leading to remote code execution via arbitrary file upload. The tool supports both vulnerability scanning and exploitation, including webshell upload capabilities.

This repository contains a functional Nuclei template for CVE-2022-37042, which exploits an unauthenticated RCE vulnerability in Zimbra Collaboration Suite via mboximport functionality. The template uploads a malicious ZIP archive to achieve directory traversal and remote code execution.

This repository contains a functional exploit for CVE-2022-37042, a vulnerability in Zimbra Collaboration Suite. The exploit leverages a path traversal flaw to upload a malicious JSP shell, achieving remote code execution (RCE) on the target system.

The repository provides a detailed description of CVE-2022-37042, an RCE and path traversal vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0, stemming from an incomplete fix for CVE-2022-27925. It includes technical context, affected versions, and detection methods like Shodan/FoFa dorks and Nuclei scanning templates.

This Metasploit module exploits a path traversal vulnerability in Zimbra Collaboration Suite's ZIP implementation (CVE-2022-27925) to upload a JSP-based backdoor. It sends a malicious ZIP file via POST request to the mboximport endpoint, extracts the payload to a traversed path, and triggers execution via HTTP GET.