Vulnerabilities > Tribalsystems > Zenario > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-14 CVE-2021-42171 Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.0.54156
Zenario CMS 9.0.54156 is vulnerable to File Upload.
network
low complexity
tribalsystems CWE-434
6.5
2022-02-24 CVE-2022-23043 Unrestricted Upload of File with Dangerous Type vulnerability in Tribalsystems Zenario 9.2
Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension.
network
low complexity
tribalsystems CWE-434
6.5
2021-04-16 CVE-2021-26830 SQL Injection vulnerability in Tribalsystems Zenario 8.8.52729
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin.
network
low complexity
tribalsystems CWE-89
6.4
2018-10-19 CVE-2018-18420 Cross-Site Request Forgery (CSRF) vulnerability in Tribalsystems Zenario 8.3
Cross-Site Request Forgery (CSRF) vulnerability was discovered in the 8.3 version of Zenario Content Management System via the admin/organizer.ajax.php?path=zenario__content%2Fpanels%2Fcontent URI.
6.8
2018-01-22 CVE-2018-5960 SQL Injection vulnerability in Tribalsystems Zenario
Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of organizer.php or admin_boxes.ajax.php in the `Categories - Edit` module.
network
low complexity
tribalsystems CWE-89
6.5