CVE-2022-4231 A vulnerability has been found in Tribal Systems Zenario CMS 9.3.57595 that affects Remember Me Handler. Manipulation leads to session fixiation.

This issue was discovered and reported by Dawid Golunski from Fortinet. The Zenario CMS is a content management system with a focus on community publishing. It is used by a lot of different companies and organizations. Some of them are listed below. Zenmio CMS is used by the following companies: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are

Zenmio CMS

- Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products
-Zenmio is used by these companies
A blog post on this issue found on www.dawidgolunski.com

The following software solutions are used by Zenmio:

- Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are: - Zenmio is a Chinese software company that provides a variety of software products. Some of those products are listed below. Some of the products offered by Zenmio are:
- ZEMIO, LLC
- ZEMIO, LLC
- ZENMIIO, LLC
- ZENMIIO, LLC

Zenmio CMS Vulnerabilities

1) When an administrator is trying to change the password, they are provided with a URL that they must type in. By typing this URL, the user will be authenticated and therefore able to access the CMS without being logged in.
2) A vulnerability in the plugin which allows users to delete accounts is present due to a lack of validation on input. If a user visits a page displaying the “Delete Account” button, then entering a valid email address into that field and clicking “Submit” will cause their account to be deleted.
3) Allowing remote code execution through PHP code injection
4) Compromised data
5) XSS vulnerabilities

Zenmio CMS Vulnerability CVE-2022-4231

The vulnerability was discovered and reported by Dawid Golunski from Fortinet. The vulnerability allows the attacker to execute arbitrary commands on the affected system due to insufficient input validation. An attacker may leverage this vulnerability to execute commands on the system that would otherwise be denied access or possibly cause a denial of service condition as well. This issue affects a lot of different systems so it's important for everyone using Zenmio CMS to update their software ASAP.

Timeline

Published on: 11/30/2022 12:15:00 UTC
Last modified on: 12/06/2022 16:46:00 UTC

References