CVE-2021-47794

Name of the Vulnerable Software and Affected Versions ZesleCP version 3.1.9

Description The software contains an authenticated remote code execution issue. An attacker can create malicious FTP accounts with shell injection payloads. Exploitation involves the FTP account creation endpoint, allowing injection of a reverse shell command to establish a network connection to a specified listening host. The vulnerable functionality allows attackers to execute arbitrary code on the system.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.