Exploit for #VU19316 OS Command Injection in Zeroshell

Published: 2021-05-20 | Updated: 2021-09-22

Vulnerability identifier: #VU19316

Vulnerability risk: Critical

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Red]

CVE-ID: CVE-2019-12725

CWE-ID: CWE-78

Exploitation vector: Network

Exploits in database: 3

September 22, 2021
- PocList (漏洞POC、EXP合集，持续更新。Apache Druid-任意文件读取（CVE-2021-36749）、ConfluenceRCE（CVE-2021-26084）、ZeroShell防火墙RCE（CVE-2019-12725）、ApacheSolr任意文件读取、蓝凌OA任意文件读取、phpStudyRCE、ShowDoc任意文件上传、原创先锋后台未授权、Kyan账号密码泄露、TerraMasterTos任意文件读取、TamronOS-IPTV系统RCE、Wayos防火墙账号密码泄露) [Github]
June 17, 2021
- ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit) [Exploit-DB]
May 20, 2021
- ZeroShell 3.9.0 - Remote Command Execution [Exploit-DB]

Vulnerable software:
Zeroshell
Web applications / Other software

Vendor: ZeroShell