CVE-2021-47794

High CVSS: 8.7

ZesleCP 3.1.9 contains an authenticated remote code execution vulnerability that allows attackers to create malicious FTP accounts with shell injection payloads. Attackers can exploit the FTP account creation endpoint by injecting a reverse shell command that establishes a network connection to a specified listening host.

Vendor

Zesle

Product

Zeslecp

CWE

CWE-78

Yayın Tarihi

2026-01-16 00:16:23

Güncelleme

2026-01-21 21:56:15

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-78 Zeslecp HIGH Zesle 2026

Referanslar

https://www.exploit-db.com/exploits/50233 https://www.vulncheck.com/advisories/zeslecp-remote-code-execution-rce-authenticated https://www.youtube.com/watch?v=5lTDTEBVq-0 https://zeslecp.com/