cve/2022/CVE-2022-27925.md

### [CVE-2022-27925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27925)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.

### POC

#### Reference
- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html

#### Github
- https://github.com/0xf4n9x/CVE-2022-37042
- https://github.com/20142995/pocsuite3
- https://github.com/2lambda123/panopticon-unattributed
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Chocapikk/CVE-2022-27925-Revshell
- https://github.com/GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925
- https://github.com/Inplex-sys/CVE-2022-27925
- https://github.com/Josexv1/CVE-2022-27925
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Panopticon-Project/panopticon-unattributed
- https://github.com/SYRTI/POC_to_review
- https://github.com/WhooAmii/POC_to_review
- https://github.com/akincibor/CVE-2022-27925
- https://github.com/dravenww/curated-article
- https://github.com/jam620/Zimbra
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/k8gege/Ladon
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/lolminerxmrig/CVE-2022-27925-Revshell
- https://github.com/luck-ying/Library-POC
- https://github.com/manas3c/CVE-POC
- https://github.com/miko550/CVE-2022-27925
- https://github.com/mohamedbenchikh/CVE-2022-27925
- https://github.com/navokus/CVE-2022-27925
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/onlyHerold22/CVE-2022-27925-PoC
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/sponkmonk/Ladon_english_update
- https://github.com/touchmycrazyredhat/CVE-2022-27925-Revshell
- https://github.com/trhacknon/Pocingit
- https://github.com/vnhacker1337/CVE-2022-27925-PoC
- https://github.com/whoforget/CVE-POC
- https://github.com/xanszZZ/pocsuite3-poc
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2022-27925](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27925)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.`

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/168146/Zimbra-Zip-Path-Traversal.html`

			`#### Github`
			`- https://github.com/0xf4n9x/CVE-2022-37042`
			`- https://github.com/20142995/pocsuite3`
			`- https://github.com/2lambda123/panopticon-unattributed`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Chocapikk/CVE-2022-27925-Revshell`
			`- https://github.com/GreyNoise-Intelligence/Zimbra_CVE-2022-37042-_CVE-2022-27925`
			`- https://github.com/Inplex-sys/CVE-2022-27925`
			`- https://github.com/Josexv1/CVE-2022-27925`
			`- https://github.com/Mr-xn/Penetration_Testing_POC`
			`- https://github.com/NaInSec/CVE-PoC-in-GitHub`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/Panopticon-Project/panopticon-unattributed`
			`- https://github.com/SYRTI/POC_to_review`
			`- https://github.com/WhooAmii/POC_to_review`
			`- https://github.com/akincibor/CVE-2022-27925`
			`- https://github.com/dravenww/curated-article`
			`- https://github.com/jam620/Zimbra`
			`- https://github.com/k0mi-tg/CVE-POC`
			`- https://github.com/k8gege/Ladon`
			`- https://github.com/lions2012/Penetration_Testing_POC`
			`- https://github.com/lolminerxmrig/CVE-2022-27925-Revshell`
			`- https://github.com/luck-ying/Library-POC`
			`- https://github.com/manas3c/CVE-POC`
			`- https://github.com/miko550/CVE-2022-27925`
			`- https://github.com/mohamedbenchikh/CVE-2022-27925`
			`- https://github.com/navokus/CVE-2022-27925`
			`- https://github.com/nomi-sec/PoC-in-GitHub`
			`- https://github.com/onlyHerold22/CVE-2022-27925-PoC`
Update CVE sources 2024-06-07 04:52 2024-06-07 04:52:01 +00:00			`- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/sponkmonk/Ladon_english_update`
			`- https://github.com/touchmycrazyredhat/CVE-2022-27925-Revshell`
			`- https://github.com/trhacknon/Pocingit`
			`- https://github.com/vnhacker1337/CVE-2022-27925-PoC`
			`- https://github.com/whoforget/CVE-POC`
			`- https://github.com/xanszZZ/pocsuite3-poc`
			`- https://github.com/xuetusummer/Penetration_Testing_POC`
			`- https://github.com/youwizard/CVE-POC`
			`- https://github.com/zecool/cve`