Citrix ShareFile StorageZones file upload

Added: 08/28/2023

Background

ShareFile is a file sharing service. StorageZones are user-maintained storage for ShareFile data.

Problem

A vulnerability in ShareFile StorageZones Controller allows remote attackers to upload arbitrary files, leading to command execution.

Resolution

Upgrade to ShareFile StorageZones Controller 5.11.24 or higher.

References

https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489

Limitations

The uploaded files must be manually removed from the cifs folder after this exploit succeeds.
Back to exploit index