An Eval Injection issue was discovered in Znuny through 7.1.3. A user with write access to the configuration file can use this to execute a command executed by the user running the backup.pl script.
The vulnerability consists of the ability to inject malicious code into the configuration file by a user with write permissions to that file (CWE-94, CWE-95). The injected code is then evaluated (executed) when the backup.pl script is run. Commands are executed in the context of the system account on which the script runs.
An attacker can execute arbitrary system commands with the privileges of the user running the backup.pl script, which may lead to complete server takeover, data theft, or system integrity violation.
Apply patches available from the vendor according to references (https://www.znuny.org/en/advisories/zsa-2025-03). Additionally, it is recommended to restrict write access to the configuration file only to trusted administrative users.
Znuny in versions up to 7.1.3 inclusive.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HZnuny
APPZnuny6.0.31 – 6.0.486.5.1 – 6.5.117.0.1 – 7.1.3
Related vulnerabilities
Brak weryfikacji uprawnień w Generic Interface systemu Znuny (eskalacja uprawnień)
Znuny: Ciasteczko sesji bez flagi HttpOnly — ryzyko kradzieży sesji
Path traversal i RCE w Znuny poprzez manipulację żądaniem AJAX
An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encr...
An issue was discovered in Znuny before 7.1.5. When generating a support bundle, not all passwords are masked.