CVE-2022-44136

CRITICAL

Zenario CMS 9.3.57186 - Remote Code Execution

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-44136. PoCs published by Ch35h1r3c47.

AI-analyzed exploit summary: This PoC exploits an unrestricted file upload vulnerability in Zenario CMS 9.3 by spoofing the MIME type to bypass extension checks, allowing arbitrary PHP file uploads for remote code execution.

Description

Zenario CMS 9.3.57186 is vulnerable to Remote Code Execution (RCE).

Exploits (1)

nomisec · WORKING POC · 1 star
by Ch35h1r3c47 · poc
https://github.com/Ch35h1r3c47/CVE-2022-44136-poc

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Zenario CMS 9.3
Auth required
Prerequisites: Authenticated access to Zenario CMS · Network access to target
Analysis: devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.0091
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

Status published
Products (2)
tribalsystems/zenario 9.3.57186
tribalsystems/zenario 0 - 9.0.57473 (Packagist)
Published Nov 30, 2022
Tracked Since Feb 18, 2026