Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
AnalysisAI
Zip slip to RCE in MojoPortal CMS v2.9.0.1 via /DesignTools/SkinList.aspx. Malicious ZIP archives write files outside extraction directory, enabling code execution. CVSS 10.0.
Technical ContextAI
CWE-22 path traversal in ZIP extraction. Malicious ZIP entries escape the extraction directory.
Affected ProductsAI
MojoPortal CMS v2.9.0.1
RemediationAI
Update MojoPortal. Validate ZIP entry paths.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today