CVE-2019-12725

EPSS 90.0%

Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs because the web application mishandles a few HTTP parameters. An unauthenticated attacker can exploit this issue by injecting OS commands inside the vulnerable parameters.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 10

githubgithub.com/sma11new/PocList★ 176 githubgithub.com/hev0x/CVE-2019-12725-Command-Injection★ 2 githubgithub.com/YZS17/CVE-2019-12725★ 1 githubgithub.com/givemefivw/CVE-2019-12725★ 1 githubgithub.com/t0mmy4/CVE-2019-12725-modified-exp★ 0 githubgithub.com/gougou123-hash/CVE-2019-12725★ 0 exploitdbwww.exploit-db.com/exploits/49862no verificado cve_referencepacketstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.htmlno verificado exploitdbwww.exploit-db.com/exploits/49096no verificado cve_referencepacketstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.htmlno verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/160211/ZeroShell-3.9.0-Remote-Command-Execution.html http://packetstormsecurity.com/files/162561/ZeroShell-3.9.0-Remote-Command-Execution.html https://www.tarlogic.com/advisories/zeroshell-rce-root.txt https://zeroshell.org/blog/