This is a technical writeup describing an arbitrary file upload vulnerability in ZeeNetworking v1x. The vulnerability allows attackers to upload arbitrary files by exploiting the member_photo.php endpoint, potentially leading to remote code execution.
Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:ZeeNetworking v1x
No auth needed
Prerequisites:Access to the vulnerable endpoint · Ability to craft malicious file upload requests