CVE-2021-47794

Sažetak

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.

Reference

https://www.exploit-db.com/exploits/50233
https://www.vulncheck.com/advisories/zeslecp-remote-code-execution-rce-authenticated
https://www.youtube.com/watch?v=5lTDTEBVq-0
https://zeslecp.com/

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

21-01-2026 - 21:56

Objavljeno

16-01-2026 - 00:16