Vulnerabilities > Tribalsystems > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-14 | CVE-2021-42171 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156 Zenario CMS 9.0.54156 is vulnerable to File Upload. | 7.2 |
| 2022-02-24 | CVE-2022-23043 | Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2 Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. | 7.2 |
| 2018-10-19 | CVE-2018-18420 | Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3 Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI. | 8.8 |
| 2018-01-22 | CVE-2018-5960 | SQL Injection vulnerability in Tribalsystems Zenario Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module. | 8.8 |