Critical (10.0)

CVE-2025-69770

A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file....

CVSS Score 10.0

Security Advisory: Critical File Upload Vulnerability in MojoPortal CMS

Overview

A critical security vulnerability has been identified in MojoPortal CMS version 2.9.0.1. This flaw, known as a “Zip Slip” vulnerability, exists in the /DesignTools/SkinList.aspx endpoint. It allows an authenticated attacker to upload a specially crafted ZIP archive that can overwrite critical system files, leading to remote command execution on the server.

In simple terms, the system does not properly validate the file paths contained within uploaded ZIP files. An attacker can create a ZIP file that, when extracted, places malicious files outside the intended directory—potentially anywhere on the server’s filesystem.

Impact

The impact of this vulnerability is severe (CVSS Score: 10.0). A successful exploit could allow an attacker to:

  • Execute arbitrary commands on the underlying server with the privileges of the web application.
  • Overwrite or delete critical system files, leading to a complete system compromise.
  • Install persistent backdoors, malware, or web shells to maintain access.
  • Disrupt website operations or deface the web application.

Any MojoPortal CMS 2.9.0.1 instance with the Design Tools feature accessible to an authenticated user is at immediate risk.

Remediation and Mitigation

Immediate action is required to protect affected systems.

Primary Remediation:

  1. Upgrade Immediately. Apply the official patch or upgrade to a newer, fixed version of MojoPortal CMS as soon as it is released by the vendor. Monitor the official MojoPortal project channels for security updates.

Immediate Mitigations (If Patching is Not Yet Possible):

  1. Restrict Access. If the Design Tools feature is not essential, immediately disable or restrict access to the /DesignTools/SkinList.aspx endpoint using web application firewall (WAF) rules, server configuration (e.g., .htaccess, web.config), or network access controls.
  2. Review User Accounts. Audit and minimize the number of user accounts with permissions to access the Design Tools or administrative sections of the CMS.
  3. Monitor for Compromise. Actively review server filesystem logs, web server access/error logs, and system integrity for any unauthorized file changes or suspicious activity originating from the CMS directory.

General Best Practice:

  • Always run web applications with the minimum necessary operating system privileges to limit the potential damage of a successful exploit.

Conclusion

This is a critical vulnerability that provides a direct path for attackers to take full control of an affected MojoPortal CMS server. Organizations should treat this with high priority, implement the recommended mitigations immediately, and plan for a permanent upgrade to a patched version at the earliest opportunity.