An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.
The /admin/upgrade endpoint in CSZ CMS v1.3.0 does not properly validate the contents of uploaded Zip files (CWE-434 — unrestricted upload of file with dangerous type). An attacker can prepare a Zip archive containing a malicious executable file (e.g., webshell) and upload it to the vulnerable endpoint. After the archive is extracted by the application, the malicious file lands in an accessible location on the server, enabling its execution and arbitrary code execution.
An attacker can gain full control over the server by executing arbitrary code in the context of the web application process — including data theft, backdoor installation, or further lateral movement in the network.
Patches available from the vendor should be applied according to the references. Until updating, it is recommended to restrict access to the /admin/upgrade endpoint at the firewall or web server level and monitor unauthorized file uploads.
CSZ CMS version 1.3.0
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCszcms Csz Cms
APPCszcms1.3.0
Related vulnerabilities
SQL Injection w CSZCMS 1.3.0 — funkcja podglądu członków
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers