CVE-2021-44093

Name of the Vulnerable Software and Affected Versions: zrlog version 2.2.2

Description: A Remote Command Execution issue exists in the upload avatar function, allowing an attacker to bypass original limits, upload a JSP file, and obtain a WebShell.

Recommendations: For zrlog version 2.2.2, as a temporary workaround, consider disabling the upload avatar function until a patch is available. Restrict access to the upload functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.