Exploit for Citrix ShareFile StorageZones file upload

Name: Exploit for Citrix ShareFile StorageZones file upload
Rating: 5 (6 reviews)

2023-08-28 | CVSS 7.4

## https://sploitus.com/exploit?id=SAINT:72A692528C5243C2AB5AB8F4F30369B4
Added: 08/28/2023  


### Background

[ShareFile](<https://www.sharefile.com/>) is a file sharing service. [StorageZones](<https://docs.sharefile.com/en-us/storage-zones-controller/5-0>) are user-maintained storage for ShareFile data. 

### Problem

A vulnerability in ShareFile StorageZones Controller allows remote attackers to upload arbitrary files, leading to command execution. 

### Resolution

[Upgrade](<https://www.citrix.com/downloads/sharefile/product-software/sharefile-storagezones-controller-511.html>) to ShareFile StorageZones Controller 5.11.24 or higher. 

### References

<https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489>  


### Limitations

The uploaded files must be manually removed from the cifs folder after this exploit succeeds.