CVE-2019-12725

EPSS 90.0%

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

Affected products

n/a · n/a

public PoCs found — 10

githubgithub.com/sma11new/PocList★ 176 githubgithub.com/hev0x/CVE-2019-12725-Command-Injection★ 2 githubgithub.com/YZS17/CVE-2019-12725★ 1 githubgithub.com/givemefivw/CVE-2019-12725★ 1 githubgithub.com/t0mmy4/CVE-2019-12725-modified-exp★ 0 githubgithub.com/gougou123-hash/CVE-2019-12725★ 0 exploitdbwww.exploit-db.com/exploits/49862unverified cve_referencepacketstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.htmlunverified exploitdbwww.exploit-db.com/exploits/49096unverified cve_referencepacketstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.htmlunverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html https://www.tarlogic.com/advisories/zeroshell-rce-root.txt https://zeroshell.org/blog/