漏洞描述
Zimbra Collaboration(又名 ZCS)8.8.15 和 9.0 具有 mboximport 功能,可接收 ZIP存档并从中提取文件。具有管理员权限的经过身份验证的用户能够将任意文件上传到系统,从而导致命令执行。
zimbraAdmin命令执行(CVE-2022-27925)
PoC代码
暂无相关漏洞推荐
- CVE-2019-9670: Zimbra Collaboration XXE
- POC CVE-2013-7091: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
- POC CVE-2018-14013: Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting
- POC CVE-2019-9670: Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection
- POC CVE-2020-7796: Zimbra Collaboration Suite < 8.8.15 Patch 7 - Server-Side Request Forgery
- POC CVE-2022-27926: Zimbra Collaboration (ZCS) - Cross Site Scripting
- POC CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
- POC CVE-2023-34192: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
- POC CVE-2023-37580: Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
- POC CVE-2024-45519: Zimbra Collaboration Suite < 9.0.0 - Remote Code Execution
- POC CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution
- POC CVE-2019-9621: Zimbra Collaboration Suite - SSRF
- POC CVE-2022-24682: Zimbra Collaboration Suite < 8.8.15 - Improper Encoding