Podatność CVE-2021-40845
Publikacja: 2021-09-15

Opis:
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

W naszej bazie, znaleźliśmy następujące noty dla tego CVE:
Tytuł
Autor
Data
High
AlphaWeb XE File Upload Remote Code Execution (Authenticated)
Ricardo Ruiz (@r...
15.09.2021
High
Zenitel AlphaCom XE Audio Server 11.2.3.10 Shell Upload
Ricardo Jose Rui...
17.09.2021

Typ:

CWE-264

 (Permissions, Privileges, and Access Controls)

 Referencje:
https://ricardojoserf.github.io/CVE-2021-40845/
https://github.com/ricardojoserf/CVE-2021-40845
http://packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html
Copyright 2024, cxsecurity.com

 

Back to Top