cve/CVE-2021-40845.md at 93476d6c370e261fdc1b2b03a08066de45e4892d

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-30 18:56:19 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory.

POC

Reference

http://packetstormsecurity.com/files/164149/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html
http://packetstormsecurity.com/files/164160/Zenitel-AlphaCom-XE-Audio-Server-11.2.3.10-Shell-Upload.html
https://github.com/ricardojoserf/CVE-2021-40845
https://ricardojoserf.github.io/CVE-2021-40845/

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/FDlucifer/firece-fish
https://github.com/anquanscan/sec-tools
https://github.com/ricardojoserf/CVE-2021-40845

1.1 KiB Raw Blame History

CVE-2021-40845

Description

POC

Reference

Github

1.1 KiB

Raw Blame History