CVE-2025-69770 in MojoPortal
Summary
by MITRE • 02/13/2026
A zip slip vulnerability in the /DesignTools/SkinList.aspx endpoint of MojoPortal CMS v2.9.0.1 allows attackers to execute arbitrary commands via uploading a crafted zip file.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 02/13/2026
The zip slip vulnerability in MojoPortal CMS v2.9.0.1 represents a critical security flaw that enables remote code execution through improper file extraction handling. This vulnerability specifically affects the /DesignTools/SkinList.aspx endpoint which processes zip file uploads for skin customization. The flaw stems from inadequate path validation during decompression operations, allowing attackers to manipulate file paths and write malicious content outside intended directories. The vulnerability is classified under CWE-22 as Improper Limitation of a Pathname to a Restricted Directory, which directly relates to the insecure handling of file paths during archive extraction. This weakness creates a pathway for attackers to execute arbitrary code on the affected system, potentially leading to complete system compromise.
The technical implementation of this vulnerability occurs when the application accepts user-supplied zip files containing skins or design elements without proper sanitization of archive contents. During the extraction process, the system fails to validate whether extracted file paths remain within the designated target directory, allowing malicious actors to include directory traversal sequences such as ../ or ..\ in their archive entries. When the application decompresses these archives, it creates files at arbitrary locations on the filesystem, potentially overwriting critical system files or creating backdoor access points. The ATT&CK framework categorizes this as T1059.001 Command and Scripting Interpreter and T1078 Valid Accounts, as the vulnerability can lead to persistent access through command execution capabilities. The impact extends beyond simple file manipulation to include full system compromise when attackers leverage the ability to execute arbitrary commands through the compromised upload functionality.
The operational consequences of this vulnerability are severe and multifaceted, affecting both the integrity and availability of MojoPortal installations. Attackers can exploit this flaw to gain unauthorized access to the application server, potentially leading to data breaches, service disruption, or further lateral movement within network environments. The vulnerability affects all installations running MojoPortal CMS version 2.9.0.1, making it particularly dangerous given the widespread use of this content management system. Organizations may face regulatory compliance violations, reputational damage, and financial losses due to potential data exposure or service interruptions. The vulnerability's exploitability is relatively straightforward, requiring only a crafted zip file with malicious path structures, making it accessible to threat actors with moderate technical skills.
Mitigation strategies for this vulnerability must address both immediate remediation and long-term security improvements. The most effective immediate solution involves applying the vendor-provided patch or upgrading to a patched version of MojoPortal CMS, which should include proper path validation and sanitization during file extraction processes. Organizations should implement strict input validation for all file upload operations, particularly focusing on archive content verification and path normalization. Network-level protections such as web application firewalls can provide additional detection capabilities for suspicious upload patterns. Security teams should conduct comprehensive vulnerability assessments of all file upload functionalities within their applications, implementing proper sandboxing and privilege separation for file processing operations. Regular security testing including penetration testing and static code analysis should be performed to identify similar vulnerabilities in other components of the application stack, ensuring comprehensive protection against similar attack vectors.